CVE-2018-1000158
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of sendrecoveryemail in the line "$url = $config'adminurl' . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker...