1249 matches found
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...
CVE-2022-23907
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting XSS vulnerability via the parameter m1fmmessage...
CVE-2022-23906
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution RCE vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...
CVE-2020-23481
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field...
CVE-2020-10682
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1files to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code it need not be a valid JPEG file...
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
Simple-CTF-THM-Writeup This repository is a complete walkthrough...
EUVD-2025-50830
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-63678
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-63678
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-63678
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-63678
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
PT-2025-46221
Name of the Vulnerable Software and Affected Versions CMS Made Simple Foundation File Manager version 2.2.22 Description An authenticated arbitrary file upload issue exists in the /uploads/ endpoint of the software. An attacker with Administrator privileges can upload a crafted PHP file,...
CMSmadesimple 安全漏洞
CMSmadesimple is an open source content management system from the CMS Made Simple Foundation. A security vulnerability exists in CMSmadesimple version 2.2.22, which originates from the presence of an authenticated, arbitrary file upload in the /uploads/ endpoint and could lead to the execution o...
CVE-2025-63678
Summary: CVE-2025-63678 affects CMS Made Simple Foundation File Manager v2.2.22. An authenticated attacker with Administrator privileges can upload a crafted PHP file to the /uploads/ endpoint, potentially leading to arbitrary code execution. This aligns with multiple sources in the connected doc...
EUVD-2018-2167
Malware in sbrugna...
EUVD-2019-2927
Malware in sbrugna...
EUVD-2019-18443
Malware in sbrugna...
EUVD-2020-12925
Malware in sbrugna...
EUVD-2020-15993
Malware in sbrugna...