Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  Security Vulnerabilities
CVE-2018-20464
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-25
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-19
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-12
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-12
CVE-2018-10515
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
CVSS Score
7.2
EPSS Score
0.027
Published
2018-04-27
CVE-2018-10516
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-04-27
CVE-2018-10517
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
CVSS Score
7.2
EPSS Score
0.185
Published
2018-04-27
CVE-2018-10518
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-04-27
CVE-2018-10519
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-04-27
CVE-2018-10520
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-04-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved