diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index db236deb50..432e6546e6 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -37526,6 +37526,36 @@
     "is_install_path": true,
     "ref_name": "multi/http/clipbucket_fileupload_exec"
   },
+  "exploit_multi/http/cmsms_upload_rename_rce": {
+    "name": "CMS Made Simple Authenticated RCE via File Upload/Copy",
+    "full_name": "exploit/multi/http/cmsms_upload_rename_rce",
+    "rank": 600,
+    "disclosure_date": "2018-07-03",
+    "type": "exploit",
+    "author": [
+      "Mustafa Hasen",
+      "Jacob Robles"
+    ],
+    "description": "CMS Made Simple v2.2.5 allows an authenticated administrator to upload a file\n        and rename it to have a .php extension. The file can then be executed by opening\n        the URL of the file in the /uploads/ directory.",
+    "references": [
+      "CVE-2018-1000094",
+      "CWE-434",
+      "EDB-44976",
+      "URL-http://dev.cmsmadesimple.org/bug/view/11741"
+    ],
+    "is_server": true,
+    "is_client": false,
+    "platform": "PHP",
+    "arch": "php",
+    "rport": "80",
+    "targets": [
+      "Universal"
+    ],
+    "mod_time": "2018-07-19 12:17:02 +0000",
+    "path": "/modules/exploits/multi/http/cmsms_upload_rename_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/cmsms_upload_rename_rce"
+  },
   "exploit_multi/http/coldfusion_rds": {
     "name": "Adobe ColdFusion 9 Administrative Login Bypass",
     "full_name": "exploit/multi/http/coldfusion_rds",