CMS Made Simple File Manager Remote Code Execution (CVE-2018-1000094)

A remote command execution vulnerability exists in the File Manager interface of CMS Made Simple 2.2.5. By uploading a malicious file, an authenticated attacker with administrator privileges can exploit this vulnerability for execution of arbitrary code.

You can read the full article here.