cve/2018/CVE-2018-10086.md

### [CVE-2018-10086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10086)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.

### POC

#### Reference
- https://github.com/itodaro/cve/blob/master/README.md

#### Github
- https://github.com/itodaro/cve
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-10086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10086)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.`

			`### POC`

			`#### Reference`
			`- https://github.com/itodaro/cve/blob/master/README.md`

			`#### Github`
			`- https://github.com/itodaro/cve`