Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, Published In 2019 (Sql injection) CVSS score >= 1
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-03-11
Updated
2019-03-12
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Max CVSS
8.1
EPSS Score
1.11%
Published
2019-03-26
Updated
2019-04-24
2 vulnerabilities found