Unrestricted File Upload Vulnerability Affects CMS Made Simple
CVE-2024-1527

8.8HIGH

Key Information:

Vendor: Cms Made Simple
Status: Cms Made Simple
Vendor: CVE Published:; 12 March 2024

🔔 Create Cms Made Simple Vulnerability Alert

What is CVE-2024-1527?

CMS Made Simple version 2.2.14 contains a vulnerability that permits an authenticated user to perform unrestricted file uploads. This flaw undermines the security framework of the upload functionality, allowing potential attackers to leverage the vulnerability to upload malicious files. If successfully exploited, this could enable remote command execution through a webshell, leading to severe security impacts on affected systems. Organizations using this version should prioritize applying security patches and assess their configurations to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CMS Made Simple 2.2.14

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 15, 2024

Credit

Rafael Pedrero

JSON

Cms Made Simple

What is CVE-2024-1527?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.