Cmsmadesimple: >> Cms Made Simple >> 0.10 Security Vulnerabilities
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
CVSS Score
4.9
EPSS Score
0.003
Published
2018-04-27
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
CVSS Score
5.3
EPSS Score
0.005
Published
2018-04-27
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-13
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-04-13
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-04-13
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-13
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-04-13
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
CVSS Score
7.2
EPSS Score
0.01
Published
2018-04-13
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11