VYPR

Simple CMS

by Simple CMS

CVEs (146)

  • CVE-2008-2267May 16, 2008
    risk 0.03cvss epss 0.05

    Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6)…

  • CVE-2008-0835Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.

  • CVE-2007-6656Jan 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

  • CVE-2007-2473May 2, 2007
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

  • CVE-2006-6845Dec 31, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.

  • CVE-2005-3083Sep 27, 2005
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2022-23906Feb 28, 2022
    risk 0.01cvss epss 0.02

    CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

  • CVE-2019-9059Mar 26, 2019
    risk 0.01cvss epss 0.02

    An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password"…

  • CVE-2010-2797Oct 8, 2010
    risk 0.01cvss epss 0.08

    Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by…

  • CVE-2021-47919Feb 1, 2026
    risk 0.00cvss epss 0.00

    Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.

  • CVE-2021-47917Feb 1, 2026
    risk 0.00cvss epss 0.00

    Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview,…

  • CVE-2023-53927Dec 17, 2025
    risk 0.00cvss epss 0.00

    PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators…

  • CVE-2023-53926Dec 17, 2025
    risk 0.00cvss epss 0.01

    PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or…

  • CVE-2025-63678Nov 10, 2025
    risk 0.00cvss epss 0.00

    An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2025-5153May 25, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be…

  • CVE-2024-1529Mar 12, 2024
    risk 0.00cvss epss 0.00

    Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially…

  • CVE-2024-1528Mar 12, 2024
    risk 0.00cvss epss 0.00

    CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted…

  • CVE-2024-1527Mar 12, 2024
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

  • CVE-2024-27622Mar 5, 2024
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated…

  • CVE-2024-27625Mar 5, 2024
    risk 0.00cvss epss 0.00

    CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.

Page 4 of 8