Main Vulnerability Database Exploits ID:6186 - Exploit for Command injection in CMS Made Simple - CVE-2018-1000094

ID:6186 - Exploit for Command injection in CMS Made Simple - CVE-2018-1000094

Published: June 17, 2021

Vulnerability identifier: #VU13890

Vulnerability risk: High

CVE-ID: CVE-2018-1000094

CWE-ID: CWE-77

Exploitation vector: Remote access

Vulnerable software:
CMS Made Simple

Link to public exploit:

https://www.exploit-db.com/exploits/44976/

Vulnerability description

The vulnerability allows a remote administrative attacker to execute arbitrary commands on the target system.

The vulnerability exists in the File Manager interface of CMS Made Simple due to insufficient validation of user-supplied input. A remote attacker can upload a malicious file, inject arbitrary commands and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Vendor doesn't plan to fix the vulnerability.

ID:6186 - Exploit for Command injection in CMS Made Simple - CVE-2018-1000094

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human