Vulnerabilities > Codelyfe

DATE CVE VULNERABILITY TITLE RISK
2024-01-17 CVE-2024-22714 Cross-site Scripting vulnerability in Codelyfe Stupid Simple CMS
Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content.
network
low complexity
codelyfe CWE-79
6.1
6.1
2024-01-17 CVE-2024-22715 Cross-Site Request Forgery (CSRF) vulnerability in Codelyfe Stupid Simple CMS
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.
network
low complexity
codelyfe CWE-352
8.8
8.8
2023-12-21 CVE-2023-7040 Path Traversal: '../filedir' vulnerability in Codelyfe Stupid Simple CMS
A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4.
network
low complexity
codelyfe CWE-24
6.5
6.5
2023-12-21 CVE-2023-7041 Path Traversal: '../filedir' vulnerability in Codelyfe Stupid Simple CMS
A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4.
network
low complexity
codelyfe CWE-24
5.4
5.4
2023-12-18 CVE-2023-6907 Improper Authentication vulnerability in Codelyfe Stupid Simple CMS
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical.
network
low complexity
codelyfe CWE-287
critical
 9.1
9.1
2023-12-17 CVE-2023-6902 Unrestricted Upload of File with Dangerous Type vulnerability in Codelyfe Stupid Simple CMS
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical.
network
low complexity
codelyfe CWE-434
critical
 9.8
9.8
2023-12-17 CVE-2023-6901 OS Command Injection vulnerability in Codelyfe Stupid Simple CMS
A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3.
network
low complexity
codelyfe CWE-78
critical
 9.8
9.8