Vulnerabilities > Cmsmadesimple > CMS Made Simple > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 7.8 |
| 2017-05-12 | CVE-2017-8912 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. | 7.2 |
| 2017-01-16 | CVE-2016-7904 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. | 8.0 |