:: Deepquest :: This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

CMS Made Simple 2.2.5 Authenticated Remote Command Execution

deepcoreJul 21, 2018

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.

You must be logged in to post a comment.

Related Posts

Chitor CMS 1.1.2 SQL Injection

Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution

Telit Cinterion IoT Traversal / Escalation / Bypass / Heap Overflow

Leave a Reply