Vulnerability Details : CVE-2018-1000094
Public exploit exists!
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2018-1000094
Probability of exploitation activity in the next 30 days: 82.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2018-1000094
-
CMS Made Simple Authenticated RCE via File Upload/Copy
Disclosure Date: 2018-07-03First seen: 2020-04-26exploit/multi/http/cmsms_upload_rename_rceCMS Made Simple allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module has been successfully tested on CMS Made Simple versio
CVSS scores for CVE-2018-1000094
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
|
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2018-1000094
-
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000094
-
https://www.exploit-db.com/exploits/44976/
CMS Made Simple 2.2.5 - (Authenticated) Remote Code ExecutionExploit;Third Party Advisory;VDB Entry
-
http://dev.cmsmadesimple.org/bug/view/11741
CMS Made Simple - Forge : CMS Made Simple CoreExploit;Issue Tracking;Vendor Advisory
Products affected by CVE-2018-1000094
- cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.5:*:*:*:*:*:*:*