Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-10081
CMS Made Simple (CMSMS) up to and including 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2018-10085
CMS Made Simple (CMSMS) up to and including 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2017-17735
CMS Made Simple (CMSMS) prior to 2.2.5 does not properly cache login information in cookies.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2017-17734
CMS Made Simple (CMSMS) prior to 2.2.5 does not properly cache login information in sessions.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2017-16783
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
Cmsmadesimple Cms Made Simple 2.1.6
9.8
CVSSv3
CVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote malicious users to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
Cmsmadesimple Form Builder
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Cmsmadesimple Cms Made Simple 2.2.17
8.8
CVSSv3
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »