CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10521
https://notcve.org/view.php?id=CVE-2018-10521
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file move" en el dashboard de administrador contiene una vulnerabilidad de movimiento de archivos arbitrarios que puede provocar una denegación de servicio (DoS), explotable por un usuario admini... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10522
https://notcve.org/view.php?id=CVE-2018-10522
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file view" en el dashboard de administrador contiene una vulnerabilidad de divulgación de información sensible, explotable por los usuarios ordinarios, debido a que el producto ex... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10523
https://notcve.org/view.php?id=CVE-2018-10523
27 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. CMS Made Simple (CMSMS) hasta la versión 2.2.7 contiene una vulnerabilidad de fuga de ruta física mediante /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10081
https://notcve.org/view.php?id=CVE-2018-10081
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring. CMS Made Simple (CMSMS) hasta la versión 2.2.6 contiene una vulnerabilidad de restablecimiento de contraseña de administrador debido a que los valores de datos se comparan de forma incorrecta. Esto se demuestra con un hash que empieza con la subcadena "0e". • https://github.com/itodaro/cve/blob/master/README.md • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10082
https://notcve.org/view.php?id=CVE-2018-10082
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. CMS Made Simple (CMSMS) hasta la versión 2.2.7 permite el filtrado de la ruta física mediante un valor /index.php?page= no válido, un URI manipulado que comience por /index.php? • https://github.com/itodaro/cve/blob/master/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10083
https://notcve.org/view.php?id=CVE-2018-10083
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter. CMS Made Simple (CMSMS) hasta la versión 2.2.7 contiene una vulnerabilidad de borrado de archivos arbitrarios en el panel admin mediante secuencias de salto de directorio en el parámetro val con una petición cmd=del. Esto se debe a que el código... • https://github.com/itodaro/cve/blob/master/README.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10084
https://notcve.org/view.php?id=CVE-2018-10084
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. CMS Made Simple (CMSMS) hasta la versión 2.2.6 contiene una vulnerabilidad de escalado de privilegios de usuario ordinario a usuario administrador haciendo que el valor de eff_uid en $_COOKIE[$this->_loginkey] sea igual a 1. Esto se debe a que s... • https://github.com/itodaro/cve/blob/master/README.md • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2018-10085
https://notcve.org/view.php?id=CVE-2018-10085
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files. CMS Made Simple (CMSMS) hasta la versión 2.2.6 permite la inyección de objetos PHP debido a una llamada unserialize en la función _get_data de \lib\classes\internal\class.LoginOperations.php. Mediante el envío de una cookie manipulada, un ataca... • https://github.com/itodaro/cve/blob/master/README.md • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2018-10086
https://notcve.org/view.php?id=CVE-2018-10086
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions. CMS Made Simple (CMSMS) hasta la versión 2.2.7 contiene una vulnerabilidad de ejecución de código arbitrario en el panel de administración debido a que la implementación emplea "eval('function testfunction'.rand()" y es posible omitir ciertas re... • https://github.com/itodaro/cve/blob/master/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10029
https://notcve.org/view.php?id=CVE-2018-10029
11 Apr 2018 — CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) reflejado en admin/moduleinterface.php a través del parámetro m1_name. Esto está relacionado con con moduledepends y es una vulnerabilidad diferente de CVE-2017-16799. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •