Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, Published In 2022

CVE-2022-23907

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-02-28
Updated
2022-03-08

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Max CVSS
7.2
EPSS Score
0.22%
Published
2022-02-28
Updated
2022-03-08

CVE-2021-43154

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-04-13
Updated
2022-04-21

CVE-2021-40961

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
Max CVSS
8.8
EPSS Score
0.33%
Published
2022-06-09
Updated
2023-02-06
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close