Vulnerabilities > Cmsmadesimple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000094 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. | 7.2 |
| 2018-03-12 | CVE-2018-8058 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | 4.8 |
| 2018-03-12 | CVE-2018-7893 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. | 4.8 |
| 2018-02-26 | CVE-2018-7448 | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 7.5 |
| 2018-01-25 | CVE-2018-5965 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5964 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5963 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 4.8 |
| 2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 7.8 |
| 2018-01-02 | CVE-2017-1000453 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 9.8 |
| 2017-12-18 | CVE-2017-17735 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 9.8 |