2 matches found
CMS Made Simple elevation of privilege vulnerability (CNVD-2018-08917)
CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. CMSMS 2.2.7 version of the existence of a power...
Privilege escalation
CMS Made Simple CMSMS 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...