Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, CVSS score >= 9
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially achieve remote command execution via a webshell.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-12 | Updated: 2024-03-12
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
Max CVSS: 9.8 | EPSS Score: 0.30% | Published: 2018-04-13 | Updated: 2020-08-24
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
Max CVSS: 9.8 | EPSS Score: 0.47% | Published: 2018-04-13 | Updated: 2018-04-17
CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Max CVSS: 9.8 | EPSS Score: 0.24% | Published: 2018-01-02 | Updated: 2018-01-16
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
Max CVSS: 9.8 | EPSS Score: 0.18% | Published: 2017-12-18 | Updated: 2018-01-04
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
Max CVSS: 9.8 | EPSS Score: 0.18% | Published: 2017-12-18 | Updated: 2018-01-04
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
Max CVSS: 9.8 | EPSS Score: 3.77% | Published: 2017-11-10 | Updated: 2020-11-10
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
Max CVSS: 9.8 | EPSS Score: 0.94% | Published: 2017-02-21 | Updated: 2017-02-23
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.19% | Published: 2011-06-08 | Updated: 2012-04-27
9 vulnerabilities found