Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
2.7
CVSSv3
CVE-2018-10521
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Cmsmadesimple Cms Made Simple
4.9
CVSSv3
CVE-2018-10522
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents ...
Cmsmadesimple Cms Made Simple
5.3
CVSSv3
CVE-2018-10523
CMS Made Simple (CMSMS) up to and including 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2017-17734
CMS Made Simple (CMSMS) prior to 2.2.5 does not properly cache login information in sessions.
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2017-17735
CMS Made Simple (CMSMS) prior to 2.2.5 does not properly cache login information in cookies.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Cmsmadesimple Cms Made Simple 2.2.17
5.4
CVSSv3
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote malicious users to inject arbitrary web script or HTML via the File Upload function.
Cmsmadesimple Cms Made Simple 2.2.17
5.4
CVSSv3
CVE-2023-43872
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to upload a pdf file with hidden Cross Site Scripting (XSS).
Cmsmadesimple Cms Made Simple 2.2.18
6.1
CVSSv3
CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
Cmsmadesimple Cms Made Simple 2.2.18
7.8
CVSSv3
CVE-2023-43352
An issue in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted payload to the Content Manager Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »