2 matches found
CVE-2018-10522
In CMS Made Simple CMSMS through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP filegetcontents function...
CVE-2018-10522
CMS Made Simple (CMSMS) up to version 2.2.7 contains an information-disclosure vulnerability in the admin dashboard’s file view operation. The issue arises because the PHP file_get_contents function is exposed without access restrictions, allowing ordinary users to read arbitrary files. The cited...