CVE-2018-10086

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
References
Link Resource
https://github.com/itodaro/cve/blob/master/README.md Exploit Technical Description
Configurations

Configuration 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Information

Published : 2018-04-13 05:29

Updated : 2019-10-03 12:03


NVD link : CVE-2018-10086

Mitre link : CVE-2018-10086

Products Affected
No products.
CWE