CVE-2018-7448

Published: 26/02/2018 Updated: 22/03/2018
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 856
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote malicious users to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.

Vulnerable Product

cmsmadesimple cms made simple 2.1.6

Exploits

# Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution
# Date: 2018-02-26
# Exploit Author: Keerati T
# Vendor Homepage: www.cmsmadesimple.org/
# Software Link: s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip
# Version: 2.1.6
# CVE: CVE-2018-7448
# Tested on: Linux
1. Description: Arbitrary PHP code can be inje ...

CMS Made Simple version 2.1.6 suffers from a remote code execution vulnerability during install time ...

Github Repositories

Python script for CMS Made Simple 2.1.6 - Remote Code Execution.

exploit-cve-2018-7448
Purpose: This is a Python script to automate CMS Made Simple 2.1.6 - Remote Code Execution - CVE-2018-7448. It was created based on www.exploit-db.com/exploits/44192
Usage: python3 exploit-CVE-2018-7448.py -t 127.0.0.1/cmsms -d cms -u root -p password
Troubleshooting: If the installer is different from cmsms-21

Python script for CMS Made Simple 2.1.6 - Remote Code Execution.

exploit-CVE-2018-7448
Purpose: This is a Python script to automate CMS Made Simple 2.1.6 - Remote Code Execution - CVE-2018-7448. It was created based on www.exploit-db.com/exploits/44192
Usage: python3 exploit-CVE-2018-7448.py -t 127.0.0.1/cmsms -d cms -u root -p password
Troubleshooting: If the installer is different from cmsms-21