Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  >> Cms Made Simple  Security Vulnerabilities
CVE-2018-10029
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10030
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10031
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10033
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-1000092
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-03-13
CVE-2018-1000094
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
CVSS Score
7.2
EPSS Score
0.56
Published
2018-03-13
CVE-2018-7893
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-03-12
CVE-2018-8058
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-03-12
CVE-2018-7448
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
CVSS Score
7.5
EPSS Score
0.432
Published
2018-02-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved