Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple 2.2.15 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
Cmsmadesimple Cms Made Simple 2.2.15
4.3
CVSSv2
CVE-2021-43154
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
Cmsmadesimple Cms Made Simple 2.2.15
4.3
CVSSv2
CVE-2022-23907
CMS Made Simple v2.2.15 exists to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
Cmsmadesimple Cms Made Simple 2.2.15
6.5
CVSSv2
CVE-2022-23906
CMS Made Simple v2.2.15 exists to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple 2.2.15
3.5
CVSSv2
CVE-2020-22842
CMS Made Simple prior to 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28998
File upload vulnerability in CMS Made Simple up to and including 2.2.15 allows remote authenticated malicious users to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started