ID:9739 - Exploit for Remote code execution in CMS Made Simple - CVE-2018-7448
Published: April 19, 2024
Vulnerability identifier: #VU10794
Vulnerability risk: High
CVE-ID: CVE-2018-7448
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
CMS Made Simple
Vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary PHP code on the target system.
The weakness exists in the config.php file due to insufficient validation of user-supplied input. A remote attacker can send specially crafted input to inject arbitrary PHP code via the timezone parameter in the config.php file and execute it.
Successful exploitation of the vulnerability may result in system compromise.
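The input validation this class of flaw calls for, as an added example that is not CMS Made Simple code: a timezone value is checked against PHP's own list of identifiers before it is rendered into a configuration file. The function name `render_timezone_setting` and the `$config['timezone']` line format are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not CMS Made Simple code): returns the PHP source line
// for a timezone setting, or throws if the value is not a known identifier.
function render_timezone_setting(string $timezone): string
{
    // Allowlist: only identifiers PHP itself knows (e.g. "Europe/Berlin").
    // Strict comparison, so a value carrying quotes or other extra
    // characters can never match an entry.
    if (!in_array($timezone, DateTimeZone::listIdentifiers(), true)) {
        throw new InvalidArgumentException('Unknown timezone identifier');
    }

    // Defence in depth: var_export() emits a correctly quoted PHP string
    // literal, so the value stays data in the generated file.
    return '$config[\'timezone\'] = ' . var_export($timezone, true) . ";\n";
}

// Constructed sample inputs: one valid identifier and two malformed values.
$samples = ['Europe/Berlin', "Europe/Berlin'", 'Not/AZone'];

foreach ($samples as $value) {
    try {
        echo 'accepted: ', render_timezone_setting($value);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($value, true), "\n";
    }
}
```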
Remediation
Update to version 2.2 or later.