CVE-2018-1000094

high-risk

Published 2018-03-13

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

Do I need to act?

54.9% chance of exploitation in next 30 days

EPSS score — higher than 45% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

44976

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (1)

Cms Made Simple

Affected Vendors

Cmsmadesimple

References (4)

Exploit http://dev.cmsmadesimple.org/bug/view/11741

Exploit https://www.exploit-db.com/exploits/44976/

Exploit http://dev.cmsmadesimple.org/bug/view/11741

Exploit https://www.exploit-db.com/exploits/44976/

/ 100

high-risk

Severity 26/34 · High

Exploitability 25/34 · High

Exposure 5/34 · Minimal