| |
Vulnerability CVE-2018-10518
Published: 2018-04-27
Description: |
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. |
Type:
CWE-732
CVSS2 => (AV:N/AC:L/Au:S/C:N/I:C/A:C)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
8.5/10 |
9.2/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
None |
Complete |
Complete |
References: |
https://github.com/itodaro/cmsms_cve/blob/master/README.md
|
|
|
Copyright 2024, cxsecurity.com
|
|
|