In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
References
Link | Resource |
---|---|
https://github.com/itodaro/cmsms_cve/blob/master/README.md | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-04-27 11:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-10520
Mitre link : CVE-2018-10520
JSON object : View
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource
Products Affected
cmsmadesimple
- cms_made_simple