Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-5964
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
Cmsmadesimple Cms Made Simple 2.2.5
3.5
CVSSv2
CVE-2018-5965
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
Cmsmadesimple Cms Made Simple 2.2.5
3.5
CVSSv2
CVE-2019-10105
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
Cmsmadesimple Cms Made Simple 2.2.10
6.5
CVSSv2
CVE-2018-10519
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vu...
Cmsmadesimple Cms Made Simple 2.2.7
6.5
CVSSv2
CVE-2022-23906
CMS Made Simple v2.2.15 exists to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple 2.2.15
3.5
CVSSv2
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
Cmsmadesimple Cms Made Simple 2.2.11
6.5
CVSSv2
CVE-2018-1000094
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any ...
Cmsmadesimple Cms Made Simple 2.2.5
1 EDB exploit
3.5
CVSSv2
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.8
6.8
CVSSv2
CVE-2019-9053
An issue exists in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Cmsmadesimple Cms Made Simple 2.2.8
1 EDB exploit
40 Github repositories
5
CVSSv2
CVE-2019-9060
An issue exists in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary ...
Cmsmadesimple Cms Made Simple 2.2.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »