Admin Password Reset Vulnerability in CMS Made Simple
CVE-2018-10081

9.8CRITICAL

Key Information:

Vendor: Cmsmadesimple
Status: Cms Made Simple
Vendor: CVE Published:; 13 April 2018

🔔 Create Cmsmadesimple Vulnerability Alert

What is CVE-2018-10081?

The CMS Made Simple platform, up to version 2.2.6, is susceptible to an admin password reset vulnerability caused by improper data value comparisons. This flaw can potentially allow unauthorized users to reset passwords by exploiting the weakness in how hash values are validated, particularly those beginning with the '0e' substring. Users are encouraged to assess their systems and apply appropriate security measures to mitigate against this vulnerability.

References

https://github.com/itodaro/cve/blob/master/README.md

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 13, 2018