CVE-2018-1000094

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
References
Link Resource
http://dev.cmsmadesimple.org/bug/view/11741 Exploit Issue Tracking Vendor Advisory
https://www.exploit-db.com/exploits/44976/ Exploit Third Party Advisory VDB Entry
http://dev.cmsmadesimple.org/bug/view/11741 Exploit Issue Tracking Vendor Advisory
https://www.exploit-db.com/exploits/44976/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.5:*:*:*:*:*:*:*

History

21 Nov 2024, 03:39

Type Values Removed Values Added
References () http://dev.cmsmadesimple.org/bug/view/11741 - Exploit, Issue Tracking, Vendor Advisory () http://dev.cmsmadesimple.org/bug/view/11741 - Exploit, Issue Tracking, Vendor Advisory
References () https://www.exploit-db.com/exploits/44976/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/44976/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2018-03-13 01:29

Updated : 2024-11-21 03:39


NVD link : CVE-2018-1000094

Mitre link : CVE-2018-1000094

CVE.ORG link : CVE-2018-1000094


JSON object : View

Products Affected

cmsmadesimple

  • cms_made_simple
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type