Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple 2.2.7 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-1000158
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisonin...
Cmsmadesimple Cms Made Simple 2.2.7
5.3
CVSSv3
CVE-2018-9921
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?...
Cmsmadesimple Cms Made Simple 2.2.7
6.1
CVSSv3
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
6.1
CVSSv3
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
8.8
CVSSv3
CVE-2018-10519
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vu...
Cmsmadesimple Cms Made Simple 2.2.7
7.2
CVSSv3
CVE-2018-10517
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Cmsmadesimple Cms Made Simple
1 EDB exploit
8.8
CVSSv3
CVE-2018-10030
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2018-10031
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple
4.8
CVSSv3
CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
Cmsmadesimple Cms Made Simple
4.8
CVSSv3
CVE-2018-10033
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
Cmsmadesimple Cms Made Simple
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »