162 matches found
CVE-2011-4310
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles...
CMS Made Simple Input Validation Error Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. An input validation error vulnerability exists in the News...
CMS Made Simple < 2.2.10 - SQL Injection
#!/usr/bin/env python Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 Date: 30-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms/ Version: <= 2.2.9 Tested on:...
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...
Design/Logic Flaw
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...
CVE-2019-10106
CMS Made Simple 2.2.10 exposes a Cross-Site Scripting (XSS) vulnerability in the News module. The issue stems from lack of proper validation in the moduleinterface.php Name field, reachable via Add Category under Site Admin Settings. Multiple sources (NVD, RH, CNVD, CVE list) corroborate an XSS c...
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter...
SQL Injection
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter...
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter. Recent assessments: Leafry at January 18, 2021 11:27pm UTC reported: This exploit is ok. When running...
PT-2019-19338 · Cms Made Simple · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions 2.2.8 through 2.2.9. Description: An issue was discovered that allows unauthenticated blind time-based SQL injection via the m1idlist parameter in the News module. This can be achieved through a crafted URL. The issue...
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1extra parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
CVE-2018-12094
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
TYPO3 News Module SQL Injection
This module exploits a SQL injection vulnerability in TYPO3 NewsController.php in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection can be used to obtain password hashe...
TYPO3 News Module - SQL Injection Exploit
Exploit for PHP platform in category web applications. Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli...
TYPO3 News Module SQL Injection
Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli #!/usr/bin/python3 TYPO3 News Module SQL Injection...
TYPO3 Extension News - SQL Injection
Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli #!/usr/bin/python3 TYPO3 News Module SQL Injection...
TYPO3 CMS news management module SQL injection vulnerability analysis with exploit
Foreword: By sending orderByAllowed and orderBy via POST, we are able to control part of the SQL statement and obtain an injection vulnerability. Body: The news module is one of the most commonly used modules of TYPO3 (Typo3 content management system), and now will be subject to SQL...