CVE-2018-1000158

EPSS 0.41% · P61 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-1000158

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker controlled server can be created by using a host header attack.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

CMS Made Simple 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CMS Made Simple（CMSMS）是CMSMS团队开发的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.7版本中的‘send_recovery_email’函数存在访问控制错误漏洞。远程攻击者可借助特制的URL利用该漏洞更改管理员密码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-1000158

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-1000158

请登录查看更多情报信息。

http://dev.cmsmadesimple.org/bug/view/11762x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2018-1000158

Same Patch Batch · n/a · 2018-04-18 · 32 CVEs total

CVE-2018-5338		ZOHO ManageEngine Desktop Central 安全漏洞
CVE-2018-8736		Nagios XI 权限许可和访问控制问题漏洞
CVE-2018-8735		Nagios XI 操作系统命令注入漏洞
CVE-2018-8734		Nagios XI SQL注入漏洞
CVE-2018-8733		Nagios XI core config manager 安全漏洞
CVE-2018-10193		LogMeIn LastPass 安全漏洞
CVE-2018-9999		Zulip Server 跨站脚本漏洞
CVE-2018-9990		Zulip Server 跨站脚本漏洞
CVE-2018-9987		Zulip Server 跨站脚本漏洞
CVE-2018-9986		Zulip Server frontend markdown processor 跨站脚本漏洞
CVE-2018-8092		Mautic 安全漏洞
CVE-2018-8071		Mautic 跨站脚本漏洞
CVE-2018-5342		ZOHO ManageEngine Desktop Central 安全漏洞
CVE-2018-5341		ZOHO ManageEngine Desktop Central 安全漏洞
CVE-2018-5340		ZOHO ManageEngine Desktop Central 安全漏洞
CVE-2018-5339		ZOHO ManageEngine Desktop Central 安全漏洞
CVE-2018-10110		D-Link DIR-615 跨站脚本漏洞
CVE-2018-5337		ZOHO ManageEngine Desktop Central 路径遍历漏洞
CVE-2016-10490		Android Qualcomm闭源组件数字错误漏洞
CVE-2018-10199		mruby 安全漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-1000158

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-1000158

I. Basic Information for CVE-2018-1000158

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-1000158

III. Intelligence Information for CVE-2018-1000158

Same Patch Batch · n/a · 2018-04-18 · 32 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-1000158

Leave a comment