Cmsmadesimple

by Cmsmadesimple

CVEs (100)

  • CVE-2018-5963 | Med | Jan 25, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.

  • CVE-2018-10521 | Low | Apr 27, 2018
    risk 0.18 | cvss 2.7 | epss 0.01

    In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.

  • CVE-2019-9053 | Mar 26, 2019
    risk 0.10 | cvss (none shown) | epss 0.56

    An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

  • CVE-2019-9692 | Mar 11, 2019
    risk 0.08 | cvss (none shown) | epss 0.47

    class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

  • CVE-2019-9055 | Mar 26, 2019
    risk 0.06 | cvss (none shown) | epss 0.13

    An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the…

  • CVE-2007-5056 | Sep 24, 2007
    risk 0.05 | cvss (none shown) | epss 0.28

    Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module…

  • CVE-2008-5642 | Dec 17, 2008
    risk 0.04 | cvss (none shown) | epss 0.09

    Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.

  • CVE-2005-2846 | Sep 8, 2005
    risk 0.04 | cvss (none shown) | epss 0.07

    PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.

  • CVE-2014-0334 | Mar 2, 2014
    risk 0.03 | cvss (none shown) | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url…

  • CVE-2010-3884 | Oct 8, 2010
    risk 0.03 | cvss (none shown) | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-2267 | May 16, 2008
    risk 0.03 | cvss (none shown) | epss 0.05

    Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6)…

  • CVE-2007-6656 | Jan 4, 2008
    risk 0.03 | cvss (none shown) | epss 0.01

    SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

  • CVE-2007-2473 | May 2, 2007
    risk 0.03 | cvss (none shown) | epss 0.04

    SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

  • CVE-2006-6845 | Dec 31, 2006
    risk 0.03 | cvss (none shown) | epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.

  • CVE-2005-3083 | Sep 27, 2005
    risk 0.03 | cvss (none shown) | epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2019-9059 | Mar 26, 2019
    risk 0.01 | cvss (none shown) | epss 0.02

    An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password"…

  • CVE-2010-2797 | Oct 8, 2010
    risk 0.01 | cvss (none shown) | epss 0.08

    Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by…

  • CVE-2023-43352 | Oct 26, 2023
    risk 0.00 | cvss (none shown) | epss 0.01

    An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

  • CVE-2023-43360 | Oct 24, 2023
    risk 0.00 | cvss (none shown) | epss 0.01

    Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

  • CVE-2023-43358 | Oct 23, 2023
    risk 0.00 | cvss (none shown) | epss 0.01

    Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.