CVE-2018-10517
CVE-2018-10517
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/0x00-0x00/CVE-2018-10517★ 5cve_referencewww.exploit-db.com/exploits/45793/unverifiedexploitdbwww.exploit-db.com/exploits/45793unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →