Vulnerabilities
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
CVSS Score: 7.2; EPSS Score: 0.003; Published: 2023-05-08
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2023-05-08
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, and it is possible to inject arbitrary SQL without using the ' character.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2022-06-09
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
CVSS Score: 5.4; EPSS Score: 0.004; Published: 2020-09-30
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVSS Score: 4.8; EPSS Score: 0.003; Published: 2020-05-28
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-06-05
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVSS Score: 4.8; EPSS Score: 0.003; Published: 2019-04-25
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-03-26
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-03-26
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-03-26

