Directory Traversal Vulnerability in CMS Made Simple 2.2.7 Allows File Existence and Checksum Disclosure

Directory Traversal Vulnerability in CMS Made Simple 2.2.7 Allows File Existence and Checksum Disclosure

CVE-2018-9921 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.

Learn more about our Web App Pen Testing.