Cmsmadesimple : Security Vulnerabilities, CVEs, (Denial of service)

CVE-2018-10521

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Max CVSS
4.0
EPSS Score
0.06%
Published
2018-04-27
Updated
2018-05-24

CVE-2018-10520

In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
Max CVSS
8.5
EPSS Score
0.06%
Published
2018-04-27
Updated
2019-10-03

CVE-2018-10518

In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
Max CVSS
8.5
EPSS Score
0.06%
Published
2018-04-27
Updated
2019-10-03

CVE-2018-10516

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Max CVSS
6.5
EPSS Score
0.08%
Published
2018-04-27
Updated
2018-05-24
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close