Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, (Sql injection) CVSS score >= 8
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Max CVSS
8.8
EPSS Score
0.33%
Published
2022-06-09
Updated
2023-02-06
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-05-08
Updated
2023-05-15
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-03-11
Updated
2019-03-12
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Max CVSS
8.1
EPSS Score
1.11%
Published
2019-03-26
Updated
2019-04-24
4 vulnerabilities found