CVE-2018-10522

Name of the Vulnerable Software and Affected Versions: CMS Made Simple (CMSMS) versions prior to 2.2.8

Description: The issue concerns a sensitive information disclosure problem in the admin dashboard's "file view" operation. This is due to the product exposing unrestricted access to the PHP file get contents function, making it exploitable by ordinary users.

Recommendations: For CMS Made Simple (CMSMS) versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard's "file view" operation to minimize the risk of exploitation.