CVE-2017-11405CVE-2017-11405

Affected configuration(s):

cpe:/a:cmsmadesimple:cms_made_simple:2.2.2

Date published: 2017-07-17T20:29:00.277-04:00

Date last modified: 2017-07-19T15:04:26.250-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/filepickerimages/FilePicker_upload_vulnerability.html

Summary: In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.