Sensitive Information Disclosure Vulnerability in CMS Made Simple (CMSMS) through 2.2.7

Sensitive Information Disclosure Vulnerability in CMS Made Simple (CMSMS) through 2.2.7

CVE-2018-10522 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.

Learn more about our Cms Pen Testing.