CVSS: 7.2EPSS: 18%CPEs: 1EXPL: 4CVE-2018-10517 – CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10517
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "module import" en el dashboard de administrador contiene una vulnerabilidad de ejecución remota de código explotable por un usuario administrador debido a que un paquete XML puede contener código ... • https://packetstorm.news/files/id/150173 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10518
https://notcve.org/view.php?id=CVE-2018-10518
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "module import" en el dashboard de administrador contiene una vulnerabilidad de eliminación de archivos arbitrarios que puede provocar una denegación de servicio (DoS), explotable por un u... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10519
https://notcve.org/view.php?id=CVE-2018-10519
27 Apr 2018 — CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084. CMS Made Simple (CMSMS) 2.2.7 contiene una vulnerabilidad de escalado de privilegios de usuario ordinario a usuario administrador haciendo que el valor de eff_uid en $_... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10520
https://notcve.org/view.php?id=CVE-2018-10520
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "module remove" en el dashboard de administrador contiene una vulnerabilidad de eliminación de archivos arbitrarios que puede provocar una denegación de servicio (DoS), explotable por un... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10521
https://notcve.org/view.php?id=CVE-2018-10521
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file move" en el dashboard de administrador contiene una vulnerabilidad de movimiento de archivos arbitrarios que puede provocar una denegación de servicio (DoS), explotable por un usuario admini... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10522
https://notcve.org/view.php?id=CVE-2018-10522
27 Apr 2018 — In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file view" en el dashboard de administrador contiene una vulnerabilidad de divulgación de información sensible, explotable por los usuarios ordinarios, debido a que el producto ex... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10523
https://notcve.org/view.php?id=CVE-2018-10523
27 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. CMS Made Simple (CMSMS) hasta la versión 2.2.7 contiene una vulnerabilidad de fuga de ruta física mediante /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.... • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9921
https://notcve.org/view.php?id=CVE-2018-9921
23 Apr 2018 — In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. En CMS Made Simple 2.2.7, un problema de salto de directorio hace que sea posible determinar la existencia de archivos y directorios fuera del directorio de instalación del sitio web, así como determinar si un archivo ... • https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000158
https://notcve.org/view.php?id=CVE-2018-1000158
18 Apr 2018 — cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker controlled server can be created by using a host header attack. cmsmadesimple 2.2.7 contiene una vulnerabilidad de control de acceso incorrecto en la función send_recovery_email en la línea "$url = $config['adm... • http://dev.cmsmadesimple.org/bug/view/11762 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10081
https://notcve.org/view.php?id=CVE-2018-10081
13 Apr 2018 — CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring. CMS Made Simple (CMSMS) hasta la versión 2.2.6 contiene una vulnerabilidad de restablecimiento de contraseña de administrador debido a que los valores de datos se comparan de forma incorrecta. Esto se demuestra con un hash que empieza con la subcadena "0e". • https://github.com/itodaro/cve/blob/master/README.md • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •