Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2010-3884
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; th...
Cmsmadesimple Cms Made Simple
1 EDB exploit
6.5
CVSSv2
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
5
CVSSv2
CVE-2011-4310
The news module in CMSMS prior to 1.9.4.3 allows remote malicious users to corrupt new articles.
Cmsmadesimple Cms Made Simple
7.5
CVSSv2
CVE-2007-2473
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the templateid parameter.
Cmsmadesimple Cms Made Simple
1 EDB exploit
6.5
CVSSv2
CVE-2018-10515
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2018-10517
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Cmsmadesimple Cms Made Simple
1 EDB exploit
8.5
CVSSv2
CVE-2018-10520
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directori...
Cmsmadesimple Cms Made Simple
4
CVSSv2
CVE-2018-10522
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents ...
Cmsmadesimple Cms Made Simple
5
CVSSv2
CVE-2018-10523
CMS Made Simple (CMSMS) up to and including 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Cmsmadesimple Cms Made Simple
6.5
CVSSv2
CVE-2019-9055
An issue exists in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms ...
Cmsmadesimple Cms Made Simple
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »