2 matches found
CVE-2017-11405
In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...
CVE-2017-11405
CMS Made Simple (CMSMS) 2.2.2 is affected by CVE-2017-11405. Remote authenticated administrators can abuse a sequence of actions (CMSContentManager to admin/moduleinterface.php, then a FilePicker action that changes type=image to type=file) to upload a PHP file. The exact vulnerability chain enab...