2 matches found
CVE-2018-10083
CMS Made Simple CMSMS through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter...
CVE-2018-10083
CMS Made Simple (CMSMS) up to version 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard. The flaw is triggered by directory traversal sequences in the val parameter of a cmd=del request, due to inadequate validation in the modules/FilePicker code. Impact is the potent...