104 matches found
Exploit for CVE-2026-5203
CVE-2026-5203 — CMS Made Simple ≤ 2.2.22 RCE Path Traversal +...
CVE-2026-5203
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5203
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5203
CMS Made Simple
CMS Made Simple(CMSMS) 路径遍历漏洞
CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management, wizard-based installation and update mechanisms, and intelligent caching features. Version 2.2.22 and earlier of CMS Made Simple contained a path...
PT-2026-25060
Name of the Vulnerable Software and Affected Versions Tolgee versions prior to 3.166.3 Description Tolgee is an open-source localization platform. The XML parsers used for importing Android XML resources .xml and .resx files do not disable external entity processing. An authenticated user who can...
CVE-2025-65519
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...
CVE-2025-65519
The CVE-2025-65519 vulnerability affects mayswind ezbookkeeping prior to 1.2.0, where the JSON/XML file import processing fails to validate nesting depth during parsing. This allows authenticated attackers to trigger denial-of-service by uploading deeply nested malicious files, causing CPU exhaus...
CVE-2025-65519
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...
CVE-2026-0684
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2026-0684
CVE-2026-0684 affects the WordPress plugin “CP Image Store with Slideshow” (versions ≤ 1.1.9). The root cause is a logic error in the permissions check inside the cpis_admin_init function, enabling an authorization bypass. As a result, authenticated users with Contributor-level access and above c...
CVE-2026-0684 CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2021-28973
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks...
CVE-2025-14050
The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2025-203183
The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14050
The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14050 Design Import/Export <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import
The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14050
CVE-2025-14050 : The WordPress plugin “Design Import/Export – Styles, Templates, Template Parts and Patterns” is affected by an SQL Injection via XML File Import in all versions up to 2.2. The root cause is insufficient escaping of the user-supplied parameter and a poorly prepared SQL query, enab...