Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-10084
CMS Made Simple (CMSMS) up to and including 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...
Cmsmadesimple Cms Made Simple
7.2
CVSSv3
CVE-2019-9059
An issue exists in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot you...
Cmsmadesimple Cms Made Simple
7.2
CVSSv3
CVE-2021-28998
File upload vulnerability in CMS Made Simple up to and including 2.2.15 allows remote authenticated malicious users to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
4.8
CVSSv3
CVE-2020-13660
CMS Made Simple up to and including 2.2.14 allows XSS via a crafted File Picker profile name.
Cmsmadesimple Cms Made Simple
4.8
CVSSv3
CVE-2019-11513
The File Manager in CMS Made Simple up to and including 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
Cmsmadesimple Cms Made Simple
6.5
CVSSv3
CVE-2018-10516
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Cmsmadesimple Cms Made Simple
6.5
CVSSv3
CVE-2018-10518
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...
Cmsmadesimple Cms Made Simple
6.5
CVSSv3
CVE-2018-10520
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directori...
Cmsmadesimple Cms Made Simple
2.7
CVSSv3
CVE-2018-10521
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Cmsmadesimple Cms Made Simple
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »