CMS Made Simple · CVE-2018-10517
Name of the Vulnerable Software and Affected Versions:
CMS Made Simple versions prior to 2.2.8
Description:
The issue is a remote code execution vulnerability in the "module import" operation within the admin dashboard. It can be exploited by an admin user, because an XML package can contain base64-encoded PHP code in a data element.
Recommendations:
For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "module import" operation in the admin dashboard to minimize the risk of exploitation.
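A pre-import check for the package format named in the Description, as an added example (not code from CMS Made Simple or from this advisory): it decodes every `data` element of an XML package and reports which ones carry PHP, so an administrator can see what code an import would install. Only the `data` element name comes from the description; the sample package layout and the function name `audit_package` are assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# PHP opening tags: "<?php" and the short echo form "<?=".
PHP_OPEN = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)


def audit_package(xml_text):
    """Return (index, decoded_size, verdict) for every <data> element."""
    # ElementTree does not fetch external entities; defusedxml is a stricter
    # drop-in parser if the package comes from an untrusted source.
    root = ET.fromstring(xml_text)
    findings = []
    for index, node in enumerate(root.iter("data")):
        payload = "".join((node.text or "").split())  # drop line wrapping
        try:
            decoded = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            findings.append((index, 0, "not-base64"))
            continue
        verdict = "php-code" if PHP_OPEN.search(decoded) else "no-php-tag"
        findings.append((index, len(decoded), verdict))
    return findings


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


# Constructed sample package. Only the <data> element name comes from the
# advisory; <package>, <file> and <name> are assumed for illustration.
SAMPLE = (
    "<package>"
    "<file><name>readme.txt</name><data>" + _b64(b"plain notes") + "</data></file>"
    "<file><name>action.php</name><data>" + _b64(b"<?php echo 'hi'; ?>") + "</data></file>"
    "<file><name>broken.bin</name><data>%%%not base64%%%</data></file>"
    "</package>"
)

if __name__ == "__main__":
    for finding in audit_package(SAMPLE):
        print(finding)
```

A `php-code` verdict is expected for legitimate modules as well, so the output is an inventory to review before import rather than a malware verdict.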