Vulnerabilities > Cmsmadesimple > CMS Made Simple > 2.1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-10030 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | 6.8 |
| 2018-04-11 | CVE-2018-10029 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | 3.5 |
| 2018-02-26 | CVE-2018-7448 | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 8.5 |
| 2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 4.6 |
| 2018-01-02 | CVE-2017-1000453 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 7.5 |
| 2017-12-18 | CVE-2017-17735 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 5.0 |
| 2017-12-18 | CVE-2017-17734 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | 5.0 |
| 2017-11-10 | CVE-2017-16783 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | 7.5 |
| 2017-06-18 | CVE-2017-9668 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | 4.3 |
| 2017-05-12 | CVE-2017-8912 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. | 7.2 |