4 matches found
CVE-2018-10084
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...
Privilege escalation
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...
CVE-2018-10084
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...
CVE-2018-10084
CMS Made Simple (CMSMS) vulnerability: CVE-2018-10084 affects CMSMS 2.2.7 (and earlier in some entries) where an ordinary user can escalate to admin by forcing eff_uid in $_COOKIE[$this->_loginkey] to 1. This occurs because files in the tmp/ directory become accessible via HTTP requests and an...