Vulnerabilities
Vulnerable Software
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2023-05-08
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2023-05-08
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-06-09
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2020-09-30
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2020-05-28
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVSS Score: 4.8 | EPSS Score: 0.004 | Published: 2019-10-16
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVSS Score: 4.8 | EPSS Score: 0.004 | Published: 2019-10-16
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2019-10-06
CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2018-01-02
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-01-02

