CVE-2018-9921

Name of the Vulnerable Software and Affected Versions CMS Made Simple version 2.2.7

Description A Directory Traversal issue allows an attacker to determine the existence of files and directories outside the web-site installation directory. It also enables checking if a file has contents matching a specified checksum. The attack is carried out using the "admin/checksum.php? c=" API endpoint, specifically targeting the c variable.

Recommendations For CMS Made Simple version 2.2.7, as a temporary workaround, consider restricting access to the "admin/checksum.php" API endpoint to minimize the risk of exploitation. Avoid using the c variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.