CVE-2018-9921

2018-04-2318:00:00

mitre

www.cve.org

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

41.5%

JSON

In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.

References

gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98