Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
Cmsmadesimple Cms Made Simple 2.2.18
8.8
CVSSv3
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Cmsmadesimple Cms Made Simple 2.2.17
5.4
CVSSv3
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote malicious users to inject arbitrary web script or HTML via the File Upload function.
Cmsmadesimple Cms Made Simple 2.2.17
7.2
CVSSv3
CVE-2021-28998
File upload vulnerability in CMS Made Simple up to and including 2.2.15 allows remote authenticated malicious users to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
6.1
CVSSv3
CVE-2021-43154
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
Cmsmadesimple Cms Made Simple 2.2.15
7.2
CVSSv3
CVE-2022-23906
CMS Made Simple v2.2.15 exists to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple 2.2.15
6.1
CVSSv3
CVE-2022-23907
CMS Made Simple v2.2.15 exists to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
Cmsmadesimple Cms Made Simple 2.2.15
5.4
CVSSv3
CVE-2020-23481
CMS Made Simple 2.2.14 exists to contain a cross-site scripting (XSS) vulnerability which allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
Cmsmadesimple Cms Made Simple 2.2.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »