CVE-2018-1000094
Last modified
CVE-2018-1000094 is a vulnerability of currently unknown severity. CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.. EPSS estimates a 40.55% chance of exploitation in the next 30 days.
Description
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cmsmadesimple | Cms Made Simple | 2.2.5 |
References
- http://dev.cmsmadesimple.org/bug/view/11741Exploit, Issue Tracking, Vendor Advisory
- https://www.exploit-db.com/exploits/44976/Exploit, Third Party Advisory, VDB Entry
- http://dev.cmsmadesimple.org/bug/view/11741Exploit, Issue Tracking, Vendor Advisory
- https://www.exploit-db.com/exploits/44976/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000094?
How severe is CVE-2018-1000094?
How do I fix CVE-2018-1000094?
Are you affected by CVE-2018-1000094?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST