CMS Made Simple 2.2.5 Authenticated Remote Command Execution
Posted by deepcore on July 21, 2018 – 12:04 am
CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
Post a reply
You must be logged in to post a comment.