CVE-2018-1000094

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
References
Link Resource
http://dev.cmsmadesimple.org/bug/view/11741 Exploit Issue Tracking Vendor Advisory
https://www.exploit-db.com/exploits/44976/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-13 01:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-1000094

Mitre link : CVE-2018-1000094

CVE.ORG link : CVE-2018-1000094


JSON object : View

Products Affected

cmsmadesimple

  • cms_made_simple
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type