Arbitrary File Deletion Vulnerability in CMS Made Simple Admin Dashboard
CVE-2018-10083

7.5HIGH

Key Information:

Vendor: Cmsmadesimple
Status: Cms Made Simple
Vendor: CVE Published:; 13 April 2018

Summary

The CMS Made Simple platform, specifically versions up to 2.2.7, is susceptible to an arbitrary file deletion issue. This vulnerability arises from insufficient validation of the 'val' parameter in the admin dashboard when executing a file delete command. Attackers can exploit this by using directory traversal sequences, potentially leading to unauthorized access and manipulation of sensitive files within the server. Proper security measures are essential to mitigate risks associated with this vulnerability.

References

https://github.com/itodaro/cve/blob/master/README.md

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 13, 2018