In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-27T18:00:00
Updated: 2024-08-05T07:39:08.207Z
Reserved: 2018-04-27T00:00:00
Link: CVE-2018-10517
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-04-27T18:29:00.430
Modified: 2019-03-15T18:07:07.450
Link: CVE-2018-10517
Redhat
No data.