Shodan
Vulnerabilities
Vulnerable Software
Cmsimple:  >> Cmsimple  Security Vulnerabilities
CVE-2024-57547
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-27
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-27
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-27
CVE-2024-57546
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-27
CVE-2024-33423
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.
CVSS Score
7.4
EPSS Score
0.002
Published
2024-05-01
CVE-2024-33424
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-01
CVE-2024-32392
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component.
CVSS Score
4.5
EPSS Score
0.003
Published
2024-04-19
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32345
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-04-17
CVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.114
Published
2022-04-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved