CVE-2018-10516

Published: Apr 27, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.2 / Impact: 5.2

Source: NVD

Description

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.

Affected (1)

Products: Cmsmadesimple: Cms Made Simple

Cmsmadesimple

1 product

Cms Made Simple

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Cms Made Simple	Up to 2.2.7

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/itodaro/cmsms_cve/blob/master/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/itodaro/cmsms_cve/blob/master/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.