Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  Security Vulnerabilities
CVE-2018-10086
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
CVSS Score
7.2
EPSS Score
0.01
Published
2018-04-13
CVE-2018-10029
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10030
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10031
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10033
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-1000092
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-03-13
CVE-2018-1000094
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
CVSS Score
7.2
EPSS Score
0.56
Published
2018-03-13
CVE-2018-7893
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-03-12
CVE-2018-8058
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-03-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved