2 matches found
CVE-2018-10082
CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...
CVE-2018-10082
CMS Made Simple (CMSMS) up to version 2.2.7 is affected by a physical path disclosure vulnerability. The issue occurs when an attacker submits requests that trigger leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or direct requests to /admin/head...