CVE-2018-10521

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions prior to 2.2.8

Description: The issue concerns an arbitrary file movement vulnerability in the "file move" operation within the admin dashboard. This can lead to a denial-of-service (DoS) condition. The vulnerability is exploitable by an admin user and can cause the config.php file to be moved into an incorrect directory.

Recommendations: For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "file move" operation in the admin dashboard to minimize the risk of exploitation.