exploitDog

CVE-2018-1000094

Опубликовано: 13 мар. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Средний

Описание

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

Ссылки

http://dev.cmsmadesimple.org/bug/view/11741
Exploit
Issue Tracking
Vendor Advisory
https://www.exploit-db.com/exploits/44976/
Exploit
Third Party Advisory
VDB Entry
http://dev.cmsmadesimple.org/bug/view/11741
Exploit
Issue Tracking
Vendor Advisory
https://www.exploit-db.com/exploits/44976/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.54916

Средний

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-h4gq-g24g-w4pf

CVSS3: 7.2

github

больше 3 лет назад

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

EPSS

Процентиль: 98%

0.54916

Средний

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434