CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
References
Link | Resource |
---|---|
http://dev.cmsmadesimple.org/bug/view/11741 | Exploit Issue Tracking Vendor Advisory |
https://www.exploit-db.com/exploits/44976/ | Exploit Third Party Advisory VDB Entry |
http://dev.cmsmadesimple.org/bug/view/11741 | Exploit Issue Tracking Vendor Advisory |
https://www.exploit-db.com/exploits/44976/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://dev.cmsmadesimple.org/bug/view/11741 - Exploit, Issue Tracking, Vendor Advisory | |
References | () https://www.exploit-db.com/exploits/44976/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-03-13 01:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000094
Mitre link : CVE-2018-1000094
CVE.ORG link : CVE-2018-1000094
JSON object : View
Products Affected
cmsmadesimple
- cms_made_simple
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type