CVE-2018-10085 (cms_made_simple)

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of libclassesinternalclass.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.

Source: CVE-2018-10085 (cms_made_simple)

답글 남기기 응답 취소