Nikhil Raj (@0xn1k5)

🎯
Focusing
View GitHub Profile
@0xn1k5
0xn1k5 / gist:ef4c7c7a26c7d8a803ef3a85f1000c98
Created April 9, 2018 20:13
Possible to brute-force and fingerprint known files and directories through the CMS Made Simple web application
Issue Description:
CMS Made Simple lets an admin user download a checksum file that can later be used to verify the integrity of the installation's files after a suspected compromise. The admin user can also upload a custom checksum file for verification. The file paths listed in an uploaded checksum file are not restricted to the website installation directory, so entries that use directory traversal sequences such as ../ make the verifier report on the existence and contents of files and directories outside the installation directory.
Issue verified on version: CMS Made Simple 2.2.7 (latest at the time of writing); earlier versions may also be affected.
Download Link: http://s3.amazonaws.com/cmsms/downloads/14144/cmsms-2.2.7-install.zip
Vendor Site: https://www.cmsmadesimple.org/about/cms-made-simple/
Risk:
An authenticated admin user can probe for the existence of known files and directories anywhere the web server process can read, and so enumerate the applications installed on the host.
On default installations it is also possible to fingerprint known binaries by comparing their MD5 hashes against the hashes of known releases, which identifies the application or binary version.
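The checking logic described above, as an added example that is not part of the original gist or of CMS Made Simple's code: a minimal MD5 integrity verifier in Python whose path handling honours ../ entries (the vulnerable pattern), beside one that canonicalises each path and rejects any entry that resolves outside the install directory. The md5sum-style "hash  path" line format, the function names and the throwaway directory layout are assumptions made for this example.

```python
# Added example, not CMS Made Simple's code. The "hash  path" line format, the helper
# names and the fixture layout are assumptions made for illustration.
import hashlib
import os
import tempfile


def parse_checksum_file(text):
    """Parse md5sum-style lines '<hex md5>  <relative path>' (assumed format)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition(" ")
        entries.append((digest.lower(), path.lstrip(" *")))
    return entries


def md5_of(path):
    """MD5 of a file's contents, streamed so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_unconfined(root, entries):
    """Vulnerable pattern: the listed path is joined to the install root and used as-is.

    '../' walks out of root, and an absolute path replaces root entirely (os.path.join
    drops the left operand when the right one is absolute). The three distinct answers
    leak whether a file exists and whether its contents match the attacker's guess.
    """
    results = {}
    for digest, rel in entries:
        target = os.path.join(root, rel)
        if not os.path.isfile(target):
            results[rel] = "missing"
        elif md5_of(target) == digest:
            results[rel] = "match"
        else:
            results[rel] = "mismatch"
    return results


def verify_confined(root, entries):
    """Hardened pattern: canonicalise, then refuse anything that resolves outside root."""
    base = os.path.realpath(root)
    results = {}
    for digest, rel in entries:
        target = os.path.realpath(os.path.join(base, rel))
        try:
            inside = os.path.commonpath([base, target]) == base
        except ValueError:  # different drives on Windows
            inside = False
        if not inside:
            results[rel] = "rejected"  # one uniform answer: nothing to learn from it
        elif not os.path.isfile(target):
            results[rel] = "missing"
        elif md5_of(target) == digest:
            results[rel] = "match"
        else:
            results[rel] = "mismatch"
    return results


def build_fixture():
    """Constructed tree: <tmp>/webroot is the install dir, <tmp>/outside is not."""
    tmp = tempfile.mkdtemp()
    root = os.path.join(tmp, "webroot")
    outside = os.path.join(tmp, "outside")
    os.makedirs(root)
    os.makedirs(outside)
    with open(os.path.join(root, "index.php"), "wb") as f:
        f.write(b"<?php echo 'hello'; ?>\n")
    with open(os.path.join(outside, "secret.txt"), "wb") as f:
        f.write(b"top secret\n")
    with open(os.path.join(outside, "notes.txt"), "wb") as f:
        f.write(b"something else\n")
    return root


def demo():
    """Run both verifiers over a crafted checksum file; returns (unconfined, confined)."""
    root = build_fixture()
    # Attacker-supplied file: one legitimate entry plus three traversal probes. The hash
    # for secret.txt is the md5 of the contents the attacker guesses (a known file at a
    # known version); 32 zeros stands in for a wrong guess.
    crafted = "\n".join([
        md5_of(os.path.join(root, "index.php")) + "  index.php",
        hashlib.md5(b"top secret\n").hexdigest() + "  ../outside/secret.txt",
        "0" * 32 + "  ../outside/notes.txt",
        "0" * 32 + "  ../outside/nothere.txt",
    ])
    entries = parse_checksum_file(crafted)
    return verify_unconfined(root, entries), verify_confined(root, entries)


if __name__ == "__main__":
    unconfined, confined = demo()
    for rel in unconfined:
        print(f"{rel:26s} unconfined={unconfined[rel]:9s} confined={confined[rel]}")
```

Against the crafted file the unconfined verifier answers match / mismatch / missing for the three out-of-root probes, which is exactly the existence and version oracle the advisory describes; the confined verifier answers "rejected" for all three and only reports on index.php. Resolving with realpath before the commonpath check matters because a plain string-prefix test would still follow a symlink planted inside the install directory.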