PT-2018-9943 · Cms Made Simple · Cms Made Simple

Published

2018-04-27

Updated

2018-05-24

CVE-2018-10521

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions prior to 2.2.8

Description: The issue concerns an arbitrary file movement vulnerability in the "file move" operation within the admin dashboard. This can lead to a denial-of-service (DoS) condition. The vulnerability is exploitable by an admin user and can cause the config.php file to be moved into an incorrect directory.

Recommendations: For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "file move" operation in the admin dashboard to minimize the risk of exploitation.

Exploit

Fix

DoS

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-10521

Affected Products

Cms Made Simple

PT-2018-9943 · Cms Made Simple · Cms Made Simple

CVE-2018-10521

Weakness Enumeration

Related Identifiers

Affected Products

References · 3