2 matches found
CVE-2018-10086
CMS Made Simple CMSMS through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval'function testfunction'.rand" and it is possible to bypass certain restrictions on these "testfunction" functions...
CVE-2018-10086
CMS Made Simple (CMSMS) up to version 2.2.7 has an arbitrary code execution vulnerability in the admin dashboard. The root cause is the use of eval('function testfunction'.rand()) which can bypass certain restrictions on these testfunction functions. Affected product: CMSMS. The issue is document...