Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-1000092
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. ...
Cmsmadesimple Cms Made Simple 2.2.5
7.2
CVSSv3
CVE-2018-1000094
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any ...
Cmsmadesimple Cms Made Simple 2.2.5
1 EDB exploit
8.8
CVSSv3
CVE-2018-1000158
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisonin...
Cmsmadesimple Cms Made Simple 2.2.7
5.4
CVSSv3
CVE-2020-36410
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the &qu...
Cmsmadesimple Cms Made Simple 2.2.14
NA
CVE-2013-3929
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.
Cmsmadesimple Cms Made Simple 1.11.9
5.4
CVSSv3
CVE-2017-16798
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote malicious users to bypass intended access restrictions or trigger XSS via other...
Cmsmadesimple Cms Made Simple 2.2.3.1
NA
CVE-2006-6845
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote malicious users to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
Cmsmadesimple Cms Made Simple 1.0.2
1 EDB exploit
NA
CVE-2008-5642
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in a cms_language cookie.
Cmsmadesimple Cms Made Simple 1.4.1
1 EDB exploit
NA
CVE-2005-3083
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Cmsmadesimple Cms Made Simple 0.10
1 EDB exploit
5.4
CVSSv3
CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
Cmsmadesimple Cms Made Simple 2.2.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »