Vulnerabilities > Cmsmadesimple > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-11 | CVE-2019-9056 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 8.8 |
| 2019-03-26 | CVE-2019-9061 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 8.8 |
| 2019-03-26 | CVE-2019-9059 | Command Injection vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 7.2 |
| 2019-03-26 | CVE-2019-9058 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 7.2 |
| 2019-03-26 | CVE-2019-9057 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 8.8 |
| 2019-03-26 | CVE-2019-9055 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 8.8 |
| 2019-03-26 | CVE-2019-9053 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 8.1 |
| 2019-03-11 | CVE-2019-9693 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | 8.8 |
| 2018-04-27 | CVE-2018-10519 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. | 8.8 |
| 2018-04-27 | CVE-2018-10517 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | 7.2 |