High severity7.5NVD Advisory· Published Feb 26, 2018· Updated Jun 17, 2026
CVE-2018-7448
CVE-2018-7448
Description
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 2.1.6
- Range: =2.1.6
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/146568/CMS-Made-Simple-2.1.6-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/44192/nvdExploitThird Party AdvisoryVDB Entry
- dev.cmsmadesimple.org/project/changelog/5471nvdRelease Notes
News mentions
0No linked articles in our index yet.