Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-9058
An issue exists in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
Cmsmadesimple Cms Made Simple
7.2
CVSSv3
CVE-2019-9059
An issue exists in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot you...
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2019-9061
An issue exists in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Cmsmadesimple Cms Made Simple
5.4
CVSSv3
CVE-2019-10017
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
Cmsmadesimple Cms Made Simple 2.2.10
6.5
CVSSv3
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) prior to 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
Cmsmadesimple Cms Made Simple
2 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2019-9693
In CMS Made Simple (CMSMS) prior to 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _Ad...
Cmsmadesimple Cms Made Simple
6.1
CVSSv3
CVE-2018-20464
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
Cmsmadesimple Cms Made Simple 2.2.8
4.8
CVSSv3
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.8
6.1
CVSSv3
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
6.1
CVSSv3
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »