Arbitrary Code Execution Vulnerability in CMS Made Simple (CMSMS) Admin Dashboard

CVE-2018-10086 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
