Vulnerabilities > Cmsmadesimple > CMS Made Simple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-9059 | Command Injection vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 6.5 |
| 2019-03-26 | CVE-2019-9055 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 6.5 |
| 2019-03-26 | CVE-2019-9053 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 6.8 |
| 2019-03-11 | CVE-2019-9693 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | 6.5 |
| 2019-03-11 | CVE-2019-9692 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 4.0 |
| 2018-12-25 | CVE-2018-20464 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. | 4.3 |
| 2018-10-12 | CVE-2018-18271 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 4.3 |
| 2018-10-12 | CVE-2018-18270 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 4.3 |
| 2018-04-27 | CVE-2018-10523 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | 5.0 |
| 2018-04-27 | CVE-2018-10522 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | 4.0 |