cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:*:*:*:*:*:*:*
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Max CVSS
8.8
EPSS Score
0.33%
Published
2022-06-09
Updated
2023-02-06
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-05-08
Updated
2023-05-15
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
Max CVSS
7.2
EPSS Score
0.09%
Published
2023-05-08
Updated
2023-05-12
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
Max CVSS
5.4
EPSS Score
0.06%
Published
2020-09-30
Updated
2020-10-02
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-05-28
Updated
2020-05-29
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
Max CVSS
4.8
EPSS Score
0.06%
Published
2019-04-25
Updated
2019-04-27
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-03-11
Updated
2019-03-12

CVE-2019-9692

Public exploit
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
Max CVSS
6.5
EPSS Score
43.03%
Published
2019-03-11
Updated
2019-04-02
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-03-26
Updated
2022-12-02
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature.
Max CVSS
7.2
EPSS Score
0.13%
Published
2019-03-26
Updated
2019-03-27
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
Max CVSS
7.2
EPSS Score
0.10%
Published
2019-03-26
Updated
2022-12-02
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-03-26
Updated
2022-12-02

CVE-2019-9055

Public exploit
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.
Max CVSS
8.8
EPSS Score
1.75%
Published
2019-03-26
Updated
2020-08-24
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Max CVSS
5.3
EPSS Score
0.09%
Published
2018-04-27
Updated
2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
Max CVSS
4.9
EPSS Score
0.07%
Published
2018-04-27
Updated
2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Max CVSS
4.0
EPSS Score
0.06%
Published
2018-04-27
Updated
2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
Max CVSS
8.5
EPSS Score
0.06%
Published
2018-04-27
Updated
2019-10-03
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
Max CVSS
8.5
EPSS Score
0.06%
Published
2018-04-27
Updated
2019-10-03
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Max CVSS
7.2
EPSS Score
12.71%
Published
2018-04-27
Updated
2019-03-15
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Max CVSS
6.5
EPSS Score
0.08%
Published
2018-04-27
Updated
2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Max CVSS
7.2
EPSS Score
0.28%
Published
2018-04-27
Updated
2018-05-24
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
Max CVSS
7.2
EPSS Score
0.12%
Published
2018-04-13
Updated
2019-10-03
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
Max CVSS
9.8
EPSS Score
0.30%
Published
2018-04-13
Updated
2020-08-24
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-04-13
Updated
2019-10-03
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
Max CVSS
7.5
EPSS Score
0.16%
Published
2018-04-13
Updated
2018-04-13
53 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!