CVE-2018-10084

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions through 2.2.6

Description: The issue allows for a privilege escalation from an ordinary user to an admin user. This is achieved by manipulating the eff uid value within $ COOKIE[$this-> loginkey] to equal 1, effectively bypassing an SHA-1 cryptographic protection mechanism.

Recommendations: For CMS Made Simple versions through 2.2.6, update to a version that contains a fix for this issue to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.