In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
References
Link | Resource |
---|---|
https://github.com/itodaro/cmsms_cve/blob/master/README.md | Exploit Third Party Advisory |
https://github.com/itodaro/cmsms_cve/blob/master/README.md | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/itodaro/cmsms_cve/blob/master/README.md - Exploit, Third Party Advisory |
Information
Published : 2018-04-27 18:29
Updated : 2024-11-21 03:41
NVD link : CVE-2018-10520
Mitre link : CVE-2018-10520
CVE.ORG link : CVE-2018-10520
JSON object : View
Products Affected
cmsmadesimple
- cms_made_simple
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource