Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
7.5
CVSSv2
CVE-2007-2473
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the templateid parameter.
Cmsmadesimple Cms Made Simple
1 EDB exploit
3.5
CVSSv2
CVE-2019-11513
The File Manager in CMS Made Simple up to and including 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2018-10515
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Cmsmadesimple Cms Made Simple
5.5
CVSSv2
CVE-2018-10516
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2018-10517
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Cmsmadesimple Cms Made Simple
1 EDB exploit
8.5
CVSSv2
CVE-2018-10518
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...
Cmsmadesimple Cms Made Simple
8.5
CVSSv2
CVE-2018-10520
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directori...
Cmsmadesimple Cms Made Simple
4
CVSSv2
CVE-2018-10521
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Cmsmadesimple Cms Made Simple
4
CVSSv2
CVE-2018-10522
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents ...
Cmsmadesimple Cms Made Simple
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »