13 matches found
CVE-2021-47734
CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...
EUVD-2024-53623
Malicious code in bioql PyPI...
CVE-2024-32345
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...
CVE-2024-57546
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...
CVE-2024-33424
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
Unspecified Vulnerability in CMSimple (CNVD-2026-00537)
CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to edit the log.php file via the print page...
CVE-2024-57548
CMSimple 5.16 is affected by a vulnerability that allows editing the log.php file via the print page, due to incorrect directory path access restrictions. The issue supports remote exploitation through specially crafted GET requests, enabling an attacker to edit log.php and potentially access pro...
CVE-2024-57549
CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...
CVE-2024-57546
CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...
Cross-Site Scripting (XSS) in CMSimple
High-Tech Bridge Security Research Lab discovered a vulnerability in CMSimple, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Reflected Cross-Site Scripting (XSS) in CMSimple: CVE-2014-2219. The vulnerability exists due to insufficient sanitisation of user-supplied data in "d"...
CMSimple index.php search Function XSS
The remote host is running CMSimple, a CMS written in PHP. The version of CMSimple installed on the remote host is prone to cross-site scripting attacks due to its failure to sanitize user-supplied input to the search field. Josh Zlatin-Amishav josh at ramat dot cc GPLv2 Chang...