2 matches found
CVE-2018-10520
In CMS Made Simple CMSMS through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...
CVE-2018-10520
CMS Made Simple (CMSMS) up to version 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard’s module remove operation. The issue allows an admin user to delete files under the lib/ directories across all paths, leading to denial of service (DoS). The description from Red ...