Lucene search
K

197 matches found

EUVD
EUVD
added 2026/02/01 12:15 p.m.6 views

EUVD-2021-34755

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS6AI score
Exploits0References3
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.8 views

Simple CMS 跨站脚本漏洞

Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from the id parameter in the preview.php file, which allows for the execution of arbitrary scripts...

6.4CVSS5.9AI score0.00288EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.11 views

Simple CMS 跨站脚本漏洞

Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting vulnerabilities in user input parameters, which could allow remote attackers ...

6.4CVSS5.7AI score0.00289EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.8 views

Simple CMS SQL注入漏洞

Simple CMS is an open-source content management system developed using Simple PHP scripts. Version 2.1 of Simple CMS has a SQL injection vulnerability, which stems from unvalidated input parameters in the admin.php file, potentially leading to SQL injection attacks...

8.8CVSS5.8AI score0.00511EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.9 views

PT-2026-5564

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS6.1AI score0.00288EPSS
Exploits1References4
CVE
CVE
added 2026/01/21 5:32 p.m.13 views

CVE-2021-47870

CVE-2021-47870 affects GetSimple CMS with the plugin “My SMTP Contact Plugin” v1.1.2. The stored XSS arises because input is sanitized with htmlspecialchars() but can be bypassed by escaped hex bytes, enabling arbitrary client-side code execution in an administrator’s browser when visiting a craf...

5.4CVSS5.8AI score0.00229EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.5 views

BiggiDroid Simple PHP CMS 安全漏洞

BiggiDroid Simple PHP CMS is a BiggiDroid open source content management system. A security vulnerability exists in BiggiDroid Simple PHP CMS version 1.0, which stems from the incorrect manipulation of the parameter image in the file /admin/editsite.php, which could lead to arbitrary file uploads...

7.2CVSS4.9AI score0.0042EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-1774

Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A flaw exists in BiggiDroid Simple PHP CMS that allows for unrestricted file uploads. This issue affects an unknown function within the /admin/editsite.php file. The manipulation of the image...

5.8CVSS4.7AI score0.0042EPSS
Exploits2References9
RedhatCVE
RedhatCVE
added 2025/12/31 6:2 p.m.4 views

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

7.2CVSS4.8AI score0.00292EPSS
Exploits1References1
CVE
CVE
added 2025/12/30 6:32 p.m.23 views

CVE-2025-15263

BiggiDroid Simple PHP CMS 1.0 is affected in the Admin Login component, specifically the file /admin/login.php. The vulnerability allows SQL injection by manipulating the Username argument, with remote execution and publicly available exploit code. Multiple sources corroborate the issue, includin...

9.8CVSS7.3AI score0.00333EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.8 views

PT-2025-54211

Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A flaw exists in BiggiDroid Simple PHP CMS 1.0, specifically within the Admin Login component. Manipulation of the Username argument in the /admin/login.php file can lead to SQL injection. This...

7.5CVSS7.5AI score0.00333EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.6 views

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

5.4CVSS6.2AI score0.00233EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.5 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS8AI score0.0051EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/18 12:34 a.m.4 views

EUVD-2023-60205

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS7.4AI score0.0051EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/18 12:34 a.m.6 views

EUVD-2023-60204

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

8.8CVSS6.1AI score0.00233EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 11:15 p.m.4 views

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

5.4CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2025/12/17 11:15 p.m.7 views

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

5.4CVSS0.00233EPSS
Exploits1References3
OSV
OSV
added 2025/12/17 11:15 p.m.5 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

8.7CVSS5.9AI score0.0051EPSS
Exploits1References3
NVD
NVD
added 2025/12/17 11:15 p.m.21 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS0.0051EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.4 views

CVE-2023-53927 PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

5.4CVSS6.2AI score0.00233EPSS
Exploits1References3
Rows per page
Query Builder