Arbitrary File Deletion Vulnerability in CMS Made Simple (CMSMS) 2.2.7

Arbitrary File Deletion Vulnerability in CMS Made Simple (CMSMS) 2.2.7

CVE-2018-10520 · HIGH Severity

AV:N/AC:L/AU:S/C:N/I:C/A:C

In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.

Learn more about our Cms Pen Testing.