Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-9058
An issue exists in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
Cmsmadesimple Cms Made Simple
7.2
CVSSv3
CVE-2019-9059
An issue exists in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot you...
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2019-9061
An issue exists in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Cmsmadesimple Cms Made Simple
5.3
CVSSv3
CVE-2018-10082
CMS Made Simple (CMSMS) up to and including 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tas...
Cmsmadesimple Cms Made Simple
9.8
CVSSv3
CVE-2018-10085
CMS Made Simple (CMSMS) up to and including 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
Cmsmadesimple Cms Made Simple
6.5
CVSSv3
CVE-2018-10516
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Cmsmadesimple Cms Made Simple
4.9
CVSSv3
CVE-2018-10522
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents ...
Cmsmadesimple Cms Made Simple
4.8
CVSSv3
CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
Cmsmadesimple Cms Made Simple
4.8
CVSSv3
CVE-2018-10033
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
Cmsmadesimple Cms Made Simple
8.8
CVSSv3
CVE-2018-10030
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
Cmsmadesimple Cms Made Simple
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »