Medium severity4.7NVD Advisory· Published Mar 31, 2026· Updated Apr 29, 2026

CVE-2026-5203

Description

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. This issue has been reported early to the project. They confirmed, that "this has already been discovered and fixed for the next release."

Affected products

Simple Cms/Simple CMSllm-fuzzy
Range: <=2.2.22

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.proton.me/urls/Q0JHZ339BWnvd
vuldb.com/submit/772855nvd
vuldb.com/vuln/354331nvd
vuldb.com/vuln/354331/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000