CVE-2017-11405

MEDIUM

Cmsmadesimple Cms Made Simple - Unrestricted File Upload

Title source: rule

Description

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.

References (1)

[Exploit, Third Party Advisory] http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/filepickerimages/FilePicker_upload_vulnerability.html

Scores

CVSS v3 4.9

EPSS 0.0018

EPSS Percentile 39.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-434

Status published

Products (2)

cmsmadesimple/cms_made_simple

n/a/n/a

Published Jul 18, 2017

Tracked Since Feb 18, 2026