nvd-json-data-feeds/CVE-2018/CVE-2018-100xx/CVE-2018-10086.json

{
  "id": "CVE-2018-10086",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-04-13T05:29:00.510",
  "lastModified": "2019-10-03T00:03:26.223",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses \"eval('function testfunction'.rand()\" and it is possible to bypass certain restrictions on these \"testfunction\" functions."
    },
    {
      "lang": "es",
      "value": "CMS Made Simple (CMSMS) hasta la versi\u00f3n 2.2.7 contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en el panel de administraci\u00f3n debido a que la implementaci\u00f3n emplea \"eval('function testfunction'.rand()\" y es posible omitir ciertas restricciones en estas funciones \"testfunction\"."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.2.7",
              "matchCriteriaId": "ABE080D4-548B-4AF1-9E61-9381338CC90C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/itodaro/cve/blob/master/README.md",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ]
    }
  ]
}