Vulnerabilities > Cmsmadesimple > CMS Made Simple > 1.2.2

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2021-28998 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
network
low complexity
cmsmadesimple CWE-434
7.2
2023-05-08 CVE-2021-28999 SQL Injection vulnerability in Cmsmadesimple CMS Made Simple
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
network
low complexity
cmsmadesimple CWE-89
8.8
2022-06-09 CVE-2021-40961 SQL Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php.
network
low complexity
cmsmadesimple CWE-89
8.8
2020-09-30 CVE-2020-22842 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
3.5
2020-05-28 CVE-2020-13660 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
3.5
2019-11-26 CVE-2011-4310 Improper Input Validation vulnerability in Cmsmadesimple CMS Made Simple
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
network
low complexity
cmsmadesimple CWE-20
5.0
2019-04-25 CVE-2019-11513 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
3.5
2019-03-26 CVE-2019-9061 Unspecified vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple
8.8
2019-03-26 CVE-2019-9059 Command Injection vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-77
6.5
2019-03-26 CVE-2019-9058 Unspecified vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple
7.2