CVE-2018-10522

2018-04-27T18:29:00
ID CVE-2018-10522
Type cve
Reporter cve@mitre.org
Modified 2018-05-24T15:45:00

Description

In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.