Physical Path Leakage in CMS Made Simple (CMSMS) 2.2.7
CVE-2018-10082 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.
Learn more about our Physical Security Assessment.