Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2017-1000454
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read prior to 2.2, and local file inclusion since 2.2.1
Cmsmadesimple Cms Made Simple
4
CVSSv2
CVE-2018-10521
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Cmsmadesimple Cms Made Simple
5
CVSSv2
CVE-2018-10523
CMS Made Simple (CMSMS) up to and including 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2018-10084
CMS Made Simple (CMSMS) up to and including 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...
Cmsmadesimple Cms Made Simple
7.5
CVSSv2
CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9055
An issue exists in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms ...
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9057
An issue exists in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9058
An issue exists in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9059
An issue exists in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot you...
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9061
An issue exists in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Cmsmadesimple Cms Made Simple
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »