CMS Made Simple version 2.2.7 contains an Incorrect Access Control vulnerability in the send_recovery_email function, in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;", that can result in Administrator Password Reset Poisoning. Specifically, a reset URL pointing at an attacker-controlled server can be created by using a Host header attack.
Max CVSS: 8.8; EPSS Score: 0.31%; Published: 2018-04-18; Updated: 2019-10-03

CVE-2018-1000094

Public exploit
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that allows an authenticated admin who has access to the file manager to execute code on the server. This attack appears to be exploitable via file upload -> copy to any extension.
Max CVSS: 7.2; EPSS Score: 82.43%; Published: 2018-03-13; Updated: 2019-03-19
CMS Made Simple version 2.2.5 contains a Cross Site Request Forgery (CSRF) vulnerability in the Admin profile page. Details can be found here: http://dev.cmsmadesimple.org/bug/view/11715. This attack appears to be exploitable via a specially crafted web page. This vulnerability appears to have been fixed in 2.2.6.
Max CVSS: 8.8; EPSS Score: 0.11%; Published: 2018-03-13; Updated: 2018-04-10
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
Max CVSS: 6.1; EPSS Score: 0.09%; Published: 2018-12-25; Updated: 2019-01-10
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
Max CVSS: 4.8; EPSS Score: 0.06%; Published: 2018-12-19; Updated: 2019-02-26
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Max CVSS: 6.1; EPSS Score: 0.06%; Published: 2018-10-12; Updated: 2018-11-28
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Max CVSS: 6.1; EPSS Score: 0.06%; Published: 2018-10-12; Updated: 2018-11-28
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
Max CVSS: 5.3; EPSS Score: 0.09%; Published: 2018-04-27; Updated: 2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
Max CVSS: 4.9; EPSS Score: 0.07%; Published: 2018-04-27; Updated: 2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
Max CVSS: 4.0; EPSS Score: 0.06%; Published: 2018-04-27; Updated: 2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
Max CVSS: 8.5; EPSS Score: 0.06%; Published: 2018-04-27; Updated: 2019-10-03
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.
Max CVSS: 8.8; EPSS Score: 0.08%; Published: 2018-04-27; Updated: 2019-10-03
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
Max CVSS: 8.5; EPSS Score: 0.06%; Published: 2018-04-27; Updated: 2019-10-03
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Max CVSS: 7.2; EPSS Score: 12.71%; Published: 2018-04-27; Updated: 2019-03-15
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2018-04-27; Updated: 2018-05-24
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Max CVSS: 7.2; EPSS Score: 0.28%; Published: 2018-04-27; Updated: 2018-05-24
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
Max CVSS: 7.2; EPSS Score: 0.12%; Published: 2018-04-13; Updated: 2019-10-03
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
Max CVSS: 9.8; EPSS Score: 0.30%; Published: 2018-04-13; Updated: 2020-08-24
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.
Max CVSS: 8.8; EPSS Score: 0.09%; Published: 2018-04-13; Updated: 2019-10-03
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
Max CVSS: 7.5; EPSS Score: 0.16%; Published: 2018-04-13; Updated: 2018-04-13
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.
Max CVSS: 5.3; EPSS Score: 0.09%; Published: 2018-04-13; Updated: 2018-04-13
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
Max CVSS: 9.8; EPSS Score: 0.47%; Published: 2018-04-13; Updated: 2018-04-17
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
Max CVSS: 4.8; EPSS Score: 0.06%; Published: 2018-04-11; Updated: 2018-04-13
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
Max CVSS: 4.8; EPSS Score: 0.06%; Published: 2018-04-11; Updated: 2018-04-13
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
Max CVSS: 8.8; EPSS Score: 0.09%; Published: 2018-04-11; Updated: 2018-04-13
36 vulnerabilities found