CVE-2018-1000094

Published: Mar 13, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

Affected (1)

Products: Cmsmadesimple: Cms Made Simple

1 product

Cms Made Simple

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Cms Made Simple	Version 2.2.5

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

http://dev.cmsmadesimple.org/bug/view/11741

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://www.exploit-db.com/exploits/44976/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://dev.cmsmadesimple.org/bug/view/11741

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://www.exploit-db.com/exploits/44976/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.