Subscribe via feed.

CMS Made Simple 2.2.5 Authenticated Remote Command Execution

Posted by deepcore on July 21, 2018 – 12:04 am

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.