Vulnerability Details : CVE-2018-1000094
Public exploit exists!
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
Vulnerability category: Execute code
Products affected by CVE-2018-1000094
- cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000094
77.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2018-1000094
-
CMS Made Simple Authenticated RCE via File Upload/Copy
Disclosure Date: 2018-07-03First seen: 2020-04-26exploit/multi/http/cmsms_upload_rename_rceCMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versio
CVSS scores for CVE-2018-1000094
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2018-1000094
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000094
-
https://www.exploit-db.com/exploits/44976/
CMS Made Simple 2.2.5 - (Authenticated) Remote Code ExecutionExploit;Third Party Advisory;VDB Entry
-
http://dev.cmsmadesimple.org/bug/view/11741
CMS Made Simple - Forge : CMS Made Simple CoreExploit;Issue Tracking;Vendor Advisory
Jump to