Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.6 views

CVE-2018-10084

CMS Made Simple CMSMS through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...

8.8CVSS7.1AI score0.00766EPSS
Exploits1References1
Prion
Prion
added 2018/04/27 6:29 p.m.19 views

Privilege escalation

CMS Made Simple CMSMS 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...

6.5CVSS8.9AI score0.01014EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2018/04/13 5:29 a.m.1 views

CVE-2018-10084

CMS Made Simple CMSMS through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...

8.8CVSS5.8AI score0.00766EPSS
Exploits1References1
CVE
CVE
added 2018/04/13 5:0 a.m.53 views

CVE-2018-10084

CMS Made Simple (CMSMS) vulnerability: CVE-2018-10084 affects CMSMS 2.2.7 (and earlier in some entries) where an ordinary user can escalate to admin by forcing eff_uid in $_COOKIE[$this->_loginkey] to 1. This occurs because files in the tmp/ directory become accessible via HTTP requests and an...

8.8CVSS8.8AI score0.00766EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder