Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, (Information Leak)

CVE-2018-10523

CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Max CVSS
5.3
EPSS Score
0.09%
Published
2018-04-27
Updated
2018-05-24

CVE-2018-10522

In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
Max CVSS
4.9
EPSS Score
0.07%
Published
2018-04-27
Updated
2018-05-24

CVE-2018-10516

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Max CVSS
6.5
EPSS Score
0.08%
Published
2018-04-27
Updated
2018-05-24

CVE-2018-10082

CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.
Max CVSS
5.3
EPSS Score
0.09%
Published
2018-04-13
Updated
2018-04-13

CVE-2017-17735

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
Max CVSS
9.8
EPSS Score
0.18%
Published
2017-12-18
Updated
2018-01-04

CVE-2017-17734

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
Max CVSS
9.8
EPSS Score
0.18%
Published
2017-12-18
Updated
2018-01-04

CVE-2017-6072

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
Max CVSS
5.3
EPSS Score
0.24%
Published
2017-02-21
Updated
2017-02-23

CVE-2017-6071

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
Max CVSS
5.3
EPSS Score
0.24%
Published
2017-02-21
Updated
2020-05-05

CVE-2017-6070

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
Max CVSS
9.8
EPSS Score
0.94%
Published
2017-02-21
Updated
2017-02-23

CVE-2011-3718

CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-13

CVE-2007-5444

CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
Max CVSS
5.0
EPSS Score
0.40%
Published
2007-10-14
Updated
2018-10-15
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close