CVE-2018-1000094

HIGH

CMS Made Simple <2.2.5 - Authenticated RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2018-1000094. PoCs published by Mustafa Hasan, longhd05, duylonggg, including Metasploit module exploits/multi/http/cmsms_upload_rename_rce.

AI-analyzed exploit summary This exploit leverages an authenticated file upload vulnerability in CMS Made Simple 2.2.5 to upload a malicious PHP file, then copies it to a web-accessible directory for remote code execution.

Description

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Mustafa Hasan · pythonwebappsphp
https://www.exploit-db.com/exploits/44976

This exploit leverages an authenticated file upload vulnerability in CMS Made Simple 2.2.5 to upload a malicious PHP file, then copies it to a web-accessible directory for remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CMS Made Simple 2.2.5
Auth required
Prerequisites: Valid admin credentials · Access to the admin panel
devstral-2 · analyzed Feb 16, 2026 Full analysis →
gitlab WORKING POC
by longhd05 · poc
https://gitlab.com/longhd05/cve-2018-1000094

This repository contains a functional exploit for CVE-2018-1000094, an authenticated remote code execution vulnerability in CMS Made Simple 2.2.5. The exploit leverages file upload and copy mechanisms to achieve RCE via a crafted PHP payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CMS Made Simple 2.2.5
Auth required
Prerequisites: valid credentials for CMS Made Simple admin panel · access to the file upload functionality
devstral-2 · analyzed Mar 20, 2026 Full analysis →
gitlab WORKING POC
by duylonggg · poc
https://gitlab.com/duylonggg/cve-2018-1000094

This repository contains a functional exploit for CVE-2018-1000094, an authenticated remote code execution vulnerability in CMS Made Simple 2.2.5. The exploit leverages file upload and copy mechanisms to achieve RCE via a crafted PHP payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CMS Made Simple 2.2.5
Auth required
Prerequisites: Authenticated access to CMS Made Simple admin panel · File upload and copy permissions
devstral-2 · analyzed Feb 23, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Mustafa Hasen, Jacob Robles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cmsms_upload_rename_rce.rb

This Metasploit module exploits an authenticated file upload vulnerability in CMS Made Simple, allowing an attacker to upload a malicious file and rename it to a .php extension for remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CMS Made Simple versions 2.2.5 and 2.2.7
Auth required
Prerequisites: Valid administrator credentials · Access to the admin interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44976/
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
http://dev.cmsmadesimple.org/bug/view/11741

Scores

CVSS v3 7.2
EPSS 0.4055
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
cmsmadesimple/cms_made_simple 2.2.5
Published Mar 13, 2018
Tracked Since Feb 18, 2026