Physical Path Leakage in CMS Made Simple (CMSMS) 2.2.7

CVE-2018-10082 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.

Learn more about our Physical Security Assessment.