Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
756
VMScore
CVE-2018-10520
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directori...
Cmsmadesimple Cms Made Simple
445
VMScore
CVE-2018-10523
CMS Made Simple (CMSMS) up to and including 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28998
File upload vulnerability in CMS Made Simple up to and including 2.2.15 allows remote authenticated malicious users to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
534
VMScore
CVE-2016-7904
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple prior to 2.1.6 allows remote malicious users to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
Cmsmadesimple Cms Made Simple
578
VMScore
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.14
383
VMScore
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
Cmsmadesimple Cms Made Simple 2.2.4
578
VMScore
CVE-2019-9056
An issue exists in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
Cmsmadesimple Cms Made Simple 2.2.8
445
VMScore
CVE-2019-9060
An issue exists in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary ...
Cmsmadesimple Cms Made Simple 2.2.8
312
VMScore
CVE-2020-36410
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the &qu...
Cmsmadesimple Cms Made Simple 2.2.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »