Lucene search
K

7 matches found

0day.today
0day.today
added 2018/07/20 12:0 a.m.633 views

CMS Made Simple 2.2.5 Authenticated Remote Command Execution Exploit

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module requires Metasploit: https://metasploit.com/download Current source:...

4.3CVSS6.4AI score0.40548EPSS
Exploits15
Metasploit
Metasploit
added 2018/07/17 2:0 p.m.57 views

CMS Made Simple Authenticated RCE via File Upload/Copy

CMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versions 2.2.5 and 2.2.7. This module...

7.2CVSS6.9AI score0.40548EPSS
Exploits8
Check Point Advisories
Check Point Advisories
added 2018/07/09 12:0 a.m.27 views

CMS Made Simple File Manager Remote Code Execution (CVE-2018-1000094)

A remote command execution vulnerability exists in the File Manager interface of CMS Made Simple 2.2.5. By uploading a malicious file, an authenticated attacker with administrator privileges can exploit this vulnerability for execution of arbitrary code...

6.5CVSS4.5AI score0.40548EPSS
Exploits8
Packet Storm
Packet Storm
added 2018/07/04 12:0 a.m.50 views

CMS Made Simple 2.2.5 Remote Code Execution

Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE: CVE-2018-1000094 import requests...

6.5CVSS0.2AI score0.40548EPSS
Exploits8
0day.today
0day.today
added 2018/07/04 12:0 a.m.79 views

CMSMadeSimple 2.2.5 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE:...

4.3CVSS6.5AI score0.40548EPSS
Exploits15
Circl
Circl
added 2018/07/04 12:0 a.m.16 views

CVE-2018-1000094

creationtimestamp| type| source ---|---|--- 2018-07-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44976 2018-07-19 17:25:57+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cmsmsuploadrenamerce.rb...

7.2CVSS6.7AI score0.40548EPSS
Exploits8References2
CVE
CVE
added 2018/03/13 1:0 a.m.79 views

CVE-2018-1000094

CVE-2018-1000094 affects CMS Made Simple 2.2.5. The vulnerability is a remote code execution via the File Manager, exploitable by an authenticated administrator who can upload a file and copy/rename it to a PHP extension, enabling execution of arbitrary code on the server (e.g., via a PHP shell)....

7.2CVSS7.2AI score0.40548EPSS
Exploits8References2Affected Software1
Rows per page
Query Builder