CVE-2018-9921
MEDIUMCMS Made Simple 2.2.7 - Path Traversal via Admin Checksum Endpoint
Title source: llmDescription
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98
Scores
CVSS v3
5.3
EPSS
0.0035
EPSS Percentile
57.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
cmsmadesimple/cms_made_simple
2.2.7
Published
Apr 23, 2018
Tracked Since
Feb 18, 2026