Remote Code Execution Vulnerability in CMS Made Simple (CMSMS) through 2.2.7 via Module Import Operation

Remote Code Execution Vulnerability in CMS Made Simple (CMSMS) through 2.2.7 via Module Import Operation

CVE-2018-10517 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.

Learn more about our Cms Pen Testing.