CVE-2018-10086

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.

Published: Apr 13, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-10086
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
cmsmadesimple / cms_made_simple	-	2.2.7.x

https://github.com/itodaro/cve/blob/master/README.md

Vulnerability Database

289,784

CVE-2018-10086