Vulnerabilities > Cmsmadesimple > CMS Made Simple > 1.11.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-10030 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | 8.8 |
| 2018-04-11 | CVE-2018-10029 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | 4.8 |
| 2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 7.8 |
| 2018-01-02 | CVE-2017-1000453 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 9.8 |
| 2017-12-18 | CVE-2017-17735 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 9.8 |
| 2017-12-18 | CVE-2017-17734 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | 9.8 |
| 2017-02-21 | CVE-2017-6072 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | 5.3 |
| 2017-02-21 | CVE-2017-6071 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. | 5.3 |
| 2017-02-21 | CVE-2017-6070 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | 9.8 |
| 2017-01-16 | CVE-2016-7904 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. | 8.0 |