In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cmsmadesimple cms made simple |