CVE-2018-10084
CMS Made Simple CMSMS through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...