CVE-2018-1000094: Malicious File Upload
First published: Tue Mar 13 2018(Updated: )
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple CMS | =2.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1000094?
CVE-2018-1000094 is considered a critical vulnerability due to its potential for Remote Code Execution.
How do I fix CVE-2018-1000094?
To fix CVE-2018-1000094, upgrade CMS Made Simple to a version higher than 2.2.5.
Who is affected by CVE-2018-1000094?
CVE-2018-1000094 affects authenticated admins using CMS Made Simple version 2.2.5 with access to the file manager.
What type of vulnerability is CVE-2018-1000094?
CVE-2018-1000094 is a Remote Code Execution vulnerability that allows execution of arbitrary code on the server.
When was CVE-2018-1000094 disclosed?
CVE-2018-1000094 was disclosed in early 2018, highlighting serious security concerns for affected systems.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cmsmadesimple
- canonical/simple cms
- version/simple cms/2.2.5