Vulnerabilities > Cmsmadesimple > CMS Made Simple > 2.2.2

DATE CVE VULNERABILITY TITLE RISK
2018-04-11 CVE-2018-10030 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. 		6.8
6.8
2018-04-11 CVE-2018-10029 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. 		3.5
3.5
2018-01-02 CVE-2017-1000454 Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
local
low complexity
cmsmadesimple CWE-74
4.6
4.6
2018-01-02 CVE-2017-1000453 Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
network
low complexity
cmsmadesimple CWE-74
7.5
7.5
2017-12-18 CVE-2017-17735 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
network
low complexity
cmsmadesimple CWE-200
5.0
5.0
2017-12-18 CVE-2017-17734 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
network
low complexity
cmsmadesimple CWE-200
5.0
5.0
2017-11-10 CVE-2017-16784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. 		4.3
4.3
2017-07-18 CVE-2017-11405 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
network
low complexity
cmsmadesimple CWE-434
4.0
4.0
2017-07-18 CVE-2017-11404 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
network
low complexity
cmsmadesimple CWE-434
4.0
4.0