Cmsmadesimple: Security Vulnerabilities
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
CVSS Score: 7.5; EPSS Score: 0.432; Published: 2018-02-26
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
CVSS Score: 4.8; EPSS Score: 0.005; Published: 2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVSS Score: 4.8; EPSS Score: 0.003; Published: 2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
CVSS Score: 4.8; EPSS Score: 0.005; Published: 2018-01-25
CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2018-01-02
CMS Made Simple 2.1.6, 2.2, and 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
CVSS Score: 7.8; EPSS Score: 0.002; Published: 2018-01-02
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2017-12-18
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2017-12-18
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2017-11-12
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2017-11-12

