CVE-2017-11405

Published: 2017-07-18T00:29Z

Last Modified: 2024-11-21T03:07Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt