CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code...
9.8CVSS
9.6AI Score
0.005EPSS
5.4CVSS
5.3AI Score
0.001EPSS
4.8CVSS
6.2AI Score
0.001EPSS
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/...
4.8CVSS
6.3AI Score
0.001EPSS
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...
8.1AI Score
0.063EPSS