5.8
CVE-2026-5203
- EPSS 0.32%
- Veröffentlicht 31.03.2026 15:45:08
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. This issue has been reported early to the project. They confirmed, that "this has already been discovered and fixed for the next release."
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
CMS Made Simple
Version
2.2.0
Status
affected
Version
2.2.1
Status
affected
Version
2.2.2
Status
affected
Version
2.2.3
Status
affected
Version
2.2.4
Status
affected
Version
2.2.5
Status
affected
Version
2.2.6
Status
affected
Version
2.2.7
Status
affected
Version
2.2.8
Status
affected
Version
2.2.9
Status
affected
Version
2.2.10
Status
affected
Version
2.2.11
Status
affected
Version
2.2.12
Status
affected
Version
2.2.13
Status
affected
Version
2.2.14
Status
affected
Version
2.2.15
Status
affected
Version
2.2.16
Status
affected
Version
2.2.17
Status
affected
Version
2.2.18
Status
affected
Version
2.2.19
Status
affected
Version
2.2.20
Status
affected
Version
2.2.21
Status
affected
Version
2.2.22
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.232 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 4.7 | 1.2 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 5.8 | 6.4 | 6.4 |
AV:N/AC:L/Au:M/C:P/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://vuldb.com/vuln/354331
https://vuldb.com/vuln/354331/cti
https://vuldb.com/submit/772855
https://drive.proton.me/urls/Q0JHZ339BW#X9P2G3Guwvwa