CVE-2024-1527

CRITICAL

CMS Made Simple 2.2.14 - Authenticated Unrestricted File Upload and Remote Code Execution

Title source: llm

Description

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple

Scores

CVSS v3 9.8

EPSS 0.0092

EPSS Percentile 55.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

cmsmadesimple/cms_made_simple 2.2.14

Published Mar 12, 2024

Tracked Since Feb 18, 2026