Vulnerabilities > Cmsmadesimple > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-13 CVE-2018-10083 Path Traversal vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
network
low complexity
cmsmadesimple CWE-22
6.4
2018-04-13 CVE-2018-10082 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.
network
low complexity
cmsmadesimple CWE-200
5.0
2018-04-13 CVE-2018-10081 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
network
low complexity
cmsmadesimple CWE-640
5.0
2018-04-11 CVE-2018-10031 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
6.8
2018-04-11 CVE-2018-10030 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
6.8
2018-03-13 CVE-2018-1000092 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple 2.2.5
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715.
6.8
2018-03-13 CVE-2018-1000094 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.5
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server.
network
low complexity
cmsmadesimple CWE-434
6.5
2018-01-02 CVE-2017-1000454 Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
local
low complexity
cmsmadesimple CWE-74
4.6
2017-12-18 CVE-2017-17735 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
network
low complexity
cmsmadesimple CWE-200
5.0
2017-12-18 CVE-2017-17734 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
network
low complexity
cmsmadesimple CWE-200
5.0