CVE-2018-1000094

EUVD-2018-1833
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
cmsmadesimplecms_made_simple
2.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev.cmsmadesimple.org/bug/view/11741
https://www.exploit-db.com/exploits/44976/
http://dev.cmsmadesimple.org/bug/view/11741
https://www.exploit-db.com/exploits/44976/