Описание
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.7 (включая)
cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00284
Низкий
2.7 Low
CVSS3
4 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 2.7
github
больше 3 лет назад
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
EPSS
Процентиль: 51%
0.00284
Низкий
2.7 Low
CVSS3
4 Medium
CVSS2
Дефекты
CWE-434