VYPR

Simple CMS

by Simple CMS

CVEs (146)

  • CVE-2018-8058 | Med | Mar 12, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.

  • CVE-2018-7893 | Med | Mar 12, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.

  • CVE-2018-5965 | Med | Jan 25, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.

  • CVE-2018-5964 | Med | Jan 25, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.

  • CVE-2018-5963 | Med | Jan 25, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.

  • CVE-2018-10521 | Low | Apr 27, 2018
    risk 0.18 | cvss 2.7 | epss 0.01

    In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.

  • CVE-2026-4225 | Low | Mar 16, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible…

  • CVE-2019-9053 | Mar 26, 2019
    risk 0.10 | cvss n/a | epss 0.56

    An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

  • CVE-2023-36969 | Jul 6, 2023
    risk 0.08 | cvss n/a | epss 0.45

    CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.

  • CVE-2019-9692 | Mar 11, 2019
    risk 0.08 | cvss n/a | epss 0.47

    class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

  • CVE-2019-9055 | Mar 26, 2019
    risk 0.06 | cvss n/a | epss 0.13

    An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the…

  • CVE-2008-5642 | Dec 17, 2008
    risk 0.04 | cvss n/a | epss 0.09

    Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.

  • CVE-2005-2846 | Sep 8, 2005
    risk 0.04 | cvss n/a | epss 0.07

    PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.

  • CVE-2021-28935 | Mar 30, 2021
    risk 0.03 | cvss n/a | epss 0.02

    CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.

  • CVE-2014-0334 | Mar 2, 2014
    risk 0.03 | cvss n/a | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url…

  • CVE-2010-3884 | Oct 8, 2010
    risk 0.03 | cvss n/a | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2010-3742 | Oct 5, 2010
    risk 0.03 | cvss n/a | epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.

  • CVE-2010-3307 | Oct 5, 2010
    risk 0.03 | cvss n/a | epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter.

  • CVE-2009-2792 | Aug 17, 2009
    risk 0.03 | cvss n/a | epss 0.02

    Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter.

  • CVE-2008-5058 | Nov 13, 2008
    risk 0.03 | cvss n/a | epss 0.02

    SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
