CMS Made Simple (CMSMS) up to and including 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cmsmadesimple cms made simple |