CVE-2018-1000094

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

Published: Mar 13, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1000094
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
cmsmadesimple / cms_made_simple	2.2.5	2.2.5.x

http://dev.cmsmadesimple.org/bug/view/11741
https://www.exploit-db.com/exploits/44976/

Vulnerability Database

289,784

CVE-2018-1000094