Lucene search

Cmsimple Security Vulnerabilities

cve

CVE-2021-43741

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code...

9.8CVSS

9.6AI Score

0.005EPSS

2022-04-13 02:15 PM

cve

CVE-2021-43742

CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload...

5.4CVSS

5.3AI Score

0.001EPSS

2022-04-13 01:15 PM

cve

CVE-2018-19507

CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-19 07:29 PM

cve

CVE-2018-19508

CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/...

4.8CVSS

6.3AI Score

0.001EPSS

2018-12-19 07:29 PM

cve

CVE-2008-2650

Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...

8.1AI Score

0.063EPSS

2008-06-10 06:32 PM