Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-10017
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
Cmsmadesimple Cms Made Simple 2.2.10
410
VMScore
CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) prior to 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
Cmsmadesimple Cms Made Simple
2 EDB exploits
1 Github repository
578
VMScore
CVE-2019-9693
In CMS Made Simple (CMSMS) prior to 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _Ad...
Cmsmadesimple Cms Made Simple
383
VMScore
CVE-2018-20464
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
Cmsmadesimple Cms Made Simple 2.2.8
312
VMScore
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.8
383
VMScore
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
383
VMScore
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
578
VMScore
CVE-2018-10515
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Cmsmadesimple Cms Made Simple
490
VMScore
CVE-2018-10516
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Cmsmadesimple Cms Made Simple
655
VMScore
CVE-2018-10517
In CMS Made Simple (CMSMS) up to and including 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Cmsmadesimple Cms Made Simple
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »