Vulnerabilities > Cmsmadesimple > CMS Made Simple > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-13 CVE-2018-10085 Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php.
network
low complexity
cmsmadesimple CWE-502
7.5
2018-02-26 CVE-2018-7448 OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
8.5
2018-01-02 CVE-2017-1000453 Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
network
low complexity
cmsmadesimple CWE-74
7.5
2017-11-10 CVE-2017-16783 Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
network
low complexity
cmsmadesimple CWE-94
7.5
2017-05-12 CVE-2017-8912 Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions.
network
low complexity
cmsmadesimple CWE-94
7.2
2017-02-21 CVE-2017-6070 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
network
low complexity
cmsmadesimple CWE-200
7.5
2010-10-08 CVE-2010-2797 Path Traversal vulnerability in Cmsmadesimple CMS Made Simple
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
cmsmadesimple CWE-22
7.5
2007-05-02 CVE-2007-2473 SQL Injection vulnerability in CMS Made Simple Stylesheet.PHP
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
network
low complexity
cmsmadesimple
7.5
2007-01-29 CVE-2007-0551 Remote Security vulnerability in Cmsmadesimple CMS Made Simple 2.7
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.
network
low complexity
cmsmadesimple
7.5