First published: Mon Apr 23 2018
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Really Simple CMS | =2.2.7 |
CVE-2018-9921 has a medium severity rating due to its potential for exposing sensitive information.
To fix CVE-2018-9921, upgrade CMS Made Simple to version 2.2.8 or later, which addresses this vulnerability.
CVE-2018-9921 allows attackers to perform a Directory Traversal attack, potentially exposing files outside the intended directory.
CVE-2018-9921 specifically affects CMS Made Simple version 2.2.7; other versions may or may not be affected.
CVE-2018-9921 can be exploited by sending crafted requests to the admin/checksum.php endpoint.
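
A log-triage sketch for the endpoint and parameter named above, added here as an example and not part of the original advisory or of CMS Made Simple. It assumes the web server writes combined-format access logs; the sample lines and the threshold of 3 are constructed, and the helper names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Apr/2018:10:01:02 +0000] "GET /admin/checksum.php?__c=aaaa1111 HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.7 - - [23/Apr/2018:10:01:03 +0000] "GET /admin/checksum.php?__c=aaaa1111 HTTP/1.1" 200 498 "-" "curl/7.58"
203.0.113.7 - - [23/Apr/2018:10:01:04 +0000] "GET /admin/checksum.php?__c=aaaa1111 HTTP/1.1" 200 512 "-" "curl/7.58"
198.51.100.20 - - [23/Apr/2018:10:05:00 +0000] "GET /cms/admin/checksum.php?__c=bbbb2222 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Apr/2018:10:06:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [23/Apr/2018:10:07:00 +0000] "GET /admin/checksum.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "/admin/checksum.php"  # endpoint named in the advisory
PARAM = "__c"                     # query parameter named in the advisory

def checksum_requests(lines):
    """Yield (client, timestamp, method, status) for requests matching the advisory."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue  # also matches installs under a sub-directory
        if PARAM not in parse_qs(url.query, keep_blank_values=True):
            continue
        yield client, ts, method, int(status)

def clients_over_threshold(lines, threshold=3):
    """Return {client: count} for clients with at least `threshold` matching requests."""
    counts = Counter(client for client, *_ in checksum_requests(lines))
    return {client: n for client, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for hit in checksum_requests(SAMPLE_LOG.splitlines()):
        print(hit)
    print(clients_over_threshold(SAMPLE_LOG.splitlines()))
```

Requests to this endpoint also come from administrators using the checksum tool, so the per-client count is a starting point for review on a 2.2.7 install, not a verdict.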