CVE-2018-10515

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions prior to 2.2.8

Description: The issue concerns a remote code execution vulnerability in the "file unpack" operation within the admin dashboard. This vulnerability can be exploited by an admin user, as a .php file can be included in the extracted ZIP archive, potentially leading to code execution.

Recommendations: For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "file unpack" operation in the admin dashboard to minimize the risk of exploitation.