PT-2018-9940 · Cms Made Simple · Cms Made Simple

Published

2018-04-27

Updated

2019-10-03

CVE-2018-10518

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions prior to 2.2.8

Description: The issue allows for arbitrary file deletion, potentially leading to a denial of service (DoS), and can be exploited by an admin user. This is because an attacker can remove all lib/ files in all directories through the "file delete" operation in the admin dashboard.

Recommendations: For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "file delete" operation in the admin dashboard to minimize the risk of exploitation.

Exploit

Fix

DoS

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-10518

Affected Products

Cms Made Simple

PT-2018-9940 · Cms Made Simple · Cms Made Simple

CVE-2018-10518

Weakness Enumeration

Related Identifiers

Affected Products

References · 3