Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.11:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-28999 |
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. Published: May 08, 2023; 10:15:10 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2021-28998 |
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. Published: May 08, 2023; 10:15:10 AM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2021-40961 |
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. Published: June 09, 2022; 11:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2020-22842 |
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. Published: September 30, 2020; 2:15:24 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-13660 |
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. Published: May 28, 2020; 3:15:11 PM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17630 |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. Published: October 16, 2019; 10:15:14 AM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17629 |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. Published: October 16, 2019; 10:15:14 AM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17226 |
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. Published: October 06, 2019; 2:15:10 PM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-1000454 |
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 Published: January 02, 2018; 12:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-1000453 |
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. Published: January 02, 2018; 12:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-0334 |
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092. Published: March 02, 2014; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2007-5056 |
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. Published: September 24, 2007; 6:17:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |