CVE-2024-1527

Name of the Vulnerable Software and Affected Versions CMS Made Simple version 2.2.14

Description The issue is an unrestricted file upload vulnerability that allows an authenticated user to bypass the security measures of the upload functionality. This could potentially lead to remote execution of commands via a webshell.

Recommendations For version 2.2.14, consider disabling the file upload functionality until a patch is available to prevent exploitation. Restrict access to the upload module to minimize the risk of unauthorized file uploads. Avoid using the vulnerable upload feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.