CVE-2024-1527

CRITICAL

Cmsmadesimple Cms Made Simple - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 17.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

cmsmadesimple/cms_made_simple 2.2.14

Published Mar 12, 2024

Tracked Since Feb 18, 2026