In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cmsmadesimple cms made simple |