Home / exploits CMS Made Simple 2.2.5 Authenticated Remote Command Execution
Posted on 20 July 2018
CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
