7 matches found
CMS Made Simple 2.2.5 Authenticated Remote Command Execution Exploit
CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module requires Metasploit: https://metasploit.com/download Current source:...
CMS Made Simple Authenticated RCE via File Upload/Copy
CMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versions 2.2.5 and 2.2.7. This module...
CMS Made Simple File Manager Remote Code Execution (CVE-2018-1000094)
A remote command execution vulnerability exists in the File Manager interface of CMS Made Simple 2.2.5. By uploading a malicious file, an authenticated attacker with administrator privileges can exploit this vulnerability for execution of arbitrary code...
CMS Made Simple 2.2.5 Remote Code Execution
Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE: CVE-2018-1000094 import requests...
CMSMadeSimple 2.2.5 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE:...
CVE-2018-1000094
creationtimestamp| type| source ---|---|--- 2018-07-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44976 2018-07-19 17:25:57+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cmsmsuploadrenamerce.rb...
CVE-2018-1000094
CVE-2018-1000094 affects CMS Made Simple 2.2.5. The vulnerability is a remote code execution via the File Manager, exploitable by an authenticated administrator who can upload a file and copy/rename it to a PHP extension, enabling execution of arbitrary code on the server (e.g., via a PHP shell)....