Vulnerabilities > Cmsmadesimple > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-13 | CVE-2018-10085 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple: CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. | 7.5 |
2018-02-26 | CVE-2018-7448 | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6: Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 8.5 |
2018-01-02 | CVE-2017-1000453 | Injection vulnerability in Cmsmadesimple CMS Made Simple: CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 7.5 |
2017-11-10 | CVE-2017-16783 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6: In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | 7.5 |
2017-05-12 | CVE-2017-8912 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6: CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. | 7.2 |
2017-02-21 | CVE-2017-6070 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder: CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | 7.5 |
2010-10-08 | CVE-2010-2797 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple: Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-05-02 | CVE-2007-2473 | SQL Injection vulnerability in CMS Made Simple Stylesheet.PHP: SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | 7.5 |
2007-01-29 | CVE-2007-0551 | Remote Security vulnerability in Cmsmadesimple CMS Made Simple 2.7: Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | 7.5 |