Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, (Sql injection) CVSS score >= 7
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
Max CVSS
7.5
EPSS Score
1.17%
Published
2007-05-02
Updated
2017-07-29
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
Max CVSS
7.5
EPSS Score
9.12%
Published
2008-01-04
Updated
2017-09-29
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Max CVSS
8.1
EPSS Score
0.93%
Published
2019-03-26
Updated
2019-04-24
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-03-11
Updated
2019-03-12
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-05-08
Updated
2023-05-15
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Max CVSS
8.8
EPSS Score
0.33%
Published
2022-06-09
Updated
2023-02-06
6 vulnerabilities found