Lucene search

[email protected]CVE-2018-10521

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2018-10521

2022-10-0316:22:15

CWE-434

[email protected]

web.nvd.nist.gov

cve-2018-10521

cms made simple

cmsms

file move

admin dashboard

arbitrary file movement

vulnerability

dos

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

In CMS Made Simple (CMSMS) through 2.2.7, the “file move” operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleRange≤2.2.7

CPENameOperatorVersion
cmsmadesimple:cms_made_simplecmsmadesimple cms made simplele2.2.7

CPE	Name	Operator	Version
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	le	2.2.7

References

github.com/itodaro/cmsms_cve/blob/master/README.md

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for CVE-2018-10521

prion1 cvelist1 nvd1