Lucene search
K

248 matches found

CNNVD
CNNVD
added 2025/01/27 12:0 a.m.4 views

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...

7.5CVSS6.8AI score0.00632EPSS
Exploits1References2
CVE
CVE
added 2025/01/27 12:0 a.m.59 views

CVE-2024-57547

CMSimple v5.16 is affected by an Insecure Permissions vulnerability in the backup file download functionality. A crafted script can exploit improper permissions to obtain sensitive information from backup PHP files. The issue is documented across multiple sources (including PT-2025-3468) and is d...

7.5CVSS6.3AI score0.00544EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/01/27 12:0 a.m.60 views

CVE-2024-57548

CMSimple 5.16 is affected by a vulnerability that allows editing the log.php file via the print page, due to incorrect directory path access restrictions. The issue supports remote exploitation through specially crafted GET requests, enabling an attacker to edit log.php and potentially access pro...

9.1CVSS6.9AI score0.00451EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/01/27 12:0 a.m.61 views

CVE-2024-57546

CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...

7.5CVSS6.4AI score0.00559EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/01/27 12:0 a.m.78 views

CVE-2024-57549

CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...

7.5CVSS7AI score0.00632EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.5 views

PT-2025-3468 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to insecure permissions in the file download functionality of the backup system, allowing a remote attacker to obtain sensitive information. This can be achieved through a crafted script...

7.8CVSS7.7AI score0.00544EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.7 views

PT-2025-3467 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue in CMSimple is related to insufficient protection of internal data in the link validation function. This can be exploited by a remote attacker to obtain sensitive information via a crafted script...

7.8CVSS6.8AI score0.00559EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.9 views

PT-2025-3469 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to gain unauthorized access to protected information by sending a specially...

9.1CVSS7.3AI score0.00451EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.10 views

PT-2025-3470 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue allows a user to read the CMS source code by manipulating the file name in the file parameter of a GET request. This is due to incorrect restriction of the path name to a directory with limited...

7.8CVSS7.2AI score0.00632EPSS
Exploits1References7
0day.today
0day.today
added 2024/06/04 12:0 a.m.312 views

CMSimple 5.15 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: CMSimple 5.15 - Remote Command Execution Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CMS Append ",php" t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.326 views

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...

7.4AI score
Exploits0
OSV
OSV
added 2024/05/01 8:15 p.m.5 views

CVE-2024-33423

Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

7.4CVSS6AI score0.00558EPSS
Exploits1References1
NVD
NVD
added 2024/05/01 8:15 p.m.26 views

CVE-2024-33423

Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

7.4CVSS5.6AI score0.00558EPSS
Exploits1References1
OSV
OSV
added 2024/05/01 7:15 p.m.4 views

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

6.1CVSS5.9AI score0.00404EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.4 views

PT-2024-25247 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

6.1CVSS6AI score0.00404EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/05/01 12:0 a.m.25 views

CVE-2024-33423

Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

5.7AI score0.00558EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/01 12:0 a.m.15 views

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

5.7AI score0.00404EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/01 12:0 a.m.13 views

CVE-2024-33423

Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

5.8AI score0.00558EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.6 views

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

7.4CVSS7AI score0.00558EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.10 views

PT-2024-25246 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A Cross-Site Scripting XSS issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

7.4CVSS6.2AI score0.00558EPSS
Exploits1References6
Rows per page
Query Builder