CVE-2018-1000094
CVE-2018-1000094
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 40.5%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
13 Mar 2018Published on NVD
03 Jul 2018Metasploit module available
04 Jul 2018Public PoC
Weaponization speed
113 daysto first PoC
112 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44976/unverifiedexploitdbwww.exploit-db.com/exploits/44976unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.