Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-11513
The File Manager in CMS Made Simple up to and including 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
Cmsmadesimple Cms Made Simple
3.5
CVSSv2
CVE-2020-13660
CMS Made Simple up to and including 2.2.14 allows XSS via a crafted File Picker profile name.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
3.5
CVSSv2
CVE-2014-0334
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url paramete...
Cmsmadesimple Cms Made Simple
1 EDB exploit
5
CVSSv2
CVE-2011-4310
The news module in CMSMS prior to 1.9.4.3 allows remote malicious users to corrupt new articles.
Cmsmadesimple Cms Made Simple
7.5
CVSSv2
CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Cmsmadesimple Cms Made Simple
4.6
CVSSv2
CVE-2017-1000454
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read prior to 2.2, and local file inclusion since 2.2.1
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9061
An issue exists in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28998
File upload vulnerability in CMS Made Simple up to and including 2.2.15 allows remote authenticated malicious users to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9057
An issue exists in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Cmsmadesimple Cms Made Simple
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »