CVE-2024-1527 CRITICAL

CVE-2024-1527: Unrestricted Upload of File with Dangerous Type in CMS Made Simple

Vendor Cms Made Simple
Product CMS Made Simple
Weakness CWE-434 · Unrestricted file upload
Published March 12, 2024
Last update August 8, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

Key dates

02Disclosure timeline

March 12, 2024 CVE published
August 8, 2024 Record updated