Description
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/itodaro/cmsms_cve/blob/master/README.md
Scores
CVSS v3
2.7
EPSS
0.0028
EPSS Percentile
51.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-434
Status
published
Products (1)
cmsmadesimple/cms_made_simple
< 2.2.7
Published
Apr 27, 2018
Tracked Since
Feb 18, 2026