
15 matches found

CVE
added 2025/12/23 7:34 p.m. | 6 views

CVE-2021-47734

CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...

8.6 CVSS | 7.2 AI score | 0.00712 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-53623

Malicious code in bioql PyPI...

9.1 CVSS | 6.6 AI score | 0.00433 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 10:17 a.m. | 7 views

CVE-2024-32345

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...

7.2 CVSS | 5.8 AI score | 0.00456 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:29 a.m. | 6 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

7.5 CVSS | 6.3 AI score | 0.00536 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:3 a.m. | 3 views

CVE-2024-33424

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

6.1 CVSS | 5.8 AI score | 0.00404 EPSS
Exploits: 1 | References: 1

CNVD
added 2025/02/18 12:0 a.m. | 2 views

Unspecified Vulnerability in CMSimple (CNVD-2026-00537)

CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to edit the log.php file via the print page...

9.1 CVSS | 6.7 AI score | 0.00433 EPSS
Exploits: 1 | References: 1

BDU FSTEC
added 2025/02/06 12:0 a.m. | 2 views

The vulnerability of the log.php script in the CMSimple content management system allows a hacker to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the CMSimple content management system is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending a specially crafted GET request...

9.4 CVSS | 5.5 AI score | 0.00433 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/02/06 12:0 a.m. | 3 views

The vulnerability of the CMSimple content management system, related to incorrect restrictions on the path to the restricted access catalog, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the CMSimple content management system is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending a specially crafted GET request...

7.8 CVSS | 5.5 AI score | 0.00606 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/01/27 12:0 a.m. | 54 views

CVE-2024-57548

CMSimple 5.16 is affected by a vulnerability that allows editing the log.php file via the print page, due to incorrect directory path access restrictions. The issue supports remote exploitation through specially crafted GET requests, enabling an attacker to edit log.php and potentially access pro...

9.1 CVSS | 6.9 AI score | 0.00433 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/01/27 12:0 a.m. | 68 views

CVE-2024-57549

CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...

7.5 CVSS | 7 AI score | 0.00606 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/01/27 12:0 a.m. | 57 views

CVE-2024-57546

CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...

7.5 CVSS | 6.4 AI score | 0.00536 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/01/27 12:0 a.m. | 9 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

0.00536 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/01/27 12:0 a.m. | 8 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

7.2 AI score | 0.00536 EPSS
Exploits: 1 | References: 2

htbridge
added 2014/02/26 12:0 a.m. | 55 views

Cross-Site Scripting (XSS) in CMSimple

High-Tech Bridge Security Research Lab discovered a vulnerability in CMSimple, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Reflected Cross-Site Scripting (XSS) in CMSimple: CVE-2014-2219. The vulnerability exists due to insufficient sanitisation of user-supplied data in "d"...

4.3 CVSS | 5.8 AI score | 0.01193 EPSS
Exploits: 3 | Affected Software: 1

Tenable Nessus
added 2005/09/14 12:0 a.m. | 48 views

CMSimple index.php search Function XSS

The remote host is running CMSimple, a CMS written in PHP. The version of CMSimple installed on the remote host is prone to cross-site scripting attacks due to its failure to sanitize user-supplied input to the search field. %NASLMINLEVEL 70300 Josh Zlatin-Amishav josh at ramat dot cc GPLv2 Chang...

4.3 CVSS | 5.4 AI score | 0.01406 EPSS
Exploits: 0 | References: 4