|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-11-29 | |
| Rule Name: | CMS Made Simple Authenticated RCE via File Upload/Copy Vulnerability (CVE-2018-1000094) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Mac OS | |
| Reference: | ExploitDB:44976 http://dev.cmsmadesimple.org/bug/view/11741 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.cmsmadesimple.org/ |