CMS MADE SIMPLE FORGE

CMS Made Simple Core

 
Back Back to List

[#12331] xxxxx

avatar
Created By: Mazen Ahmed (drloser137)
Date Submitted: Mon Jun 29 06:03:40 -0400 2020

Assigned To:
Version: 2.2.14
CMSMS Version: 2.2.14
Severity: Minor
Resolution: Invalid
State: Closed
Summary:
xxxxx
Detailed Description:
xxxxx


History

Comments
avatar 
Date: 2020-09-18 07:23
Posted By: Ruud van der Velden (ruudvdvelden)

Won't fix currently as we are aware and consider it a feature that certain
user(group)s can use UDTs to their liking.

It's possible to remove the permission for the specific group(s)
Updates

Updated: 2020-11-03 14:21
resolution_id: 8 => 9
state: Open => Closed

Updated: 2020-09-18 07:23
resolution_id: 5 => 8

Updated: 2020-06-29 06:45
severity_id: 1 => 3

Updated: 2020-06-29 06:05
description: Hi , it's Mazen Ahmed from Egypt i found vulnerability at CMS made simple i hope you fix it asap Sumnary: Editor and Designer can execute PHP code which lead to remote code excution steps to reproduce: 1) create a user with designer and edito => xxxxx
summary: Authinticated RCE by abusing User Definded tage => xxxxx
resolution_id: => 5