Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
410
VMScore
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) prior to 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
Cmsmadesimple Cms Made Simple
2 EDB exploits
1 Github repository
578
VMScore
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Cmsmadesimple Cms Made Simple
312
VMScore
CVE-2020-13660
CMS Made Simple up to and including 2.2.14 allows XSS via a crafted File Picker profile name.
Cmsmadesimple Cms Made Simple
490
VMScore
CVE-2018-10516
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Cmsmadesimple Cms Made Simple
756
VMScore
CVE-2018-10520
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directori...
Cmsmadesimple Cms Made Simple
445
VMScore
CVE-2018-10523
CMS Made Simple (CMSMS) up to and including 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28998
File upload vulnerability in CMS Made Simple up to and including 2.2.15 allows remote authenticated malicious users to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple
NA
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
534
VMScore
CVE-2016-7904
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple prior to 2.1.6 allows remote malicious users to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
Cmsmadesimple Cms Made Simple
578
VMScore
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »