248 matches found
The vulnerability of the log.php script in the CMSimple content management system allows a hacker to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the CMSimple content management system is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending a specially crafted GET request...
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...
CVE-2024-57547
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files...
CVE-2024-57547
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files...
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...
CVE-2024-57546
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...
CVE-2024-57546
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...
CVE-2024-57546
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...
CMSimple 安全漏洞
CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16, which stems from a vulnerability that allows remote attackers to download php backup files via a carefully crafted script that obtains sensitive information...
CVE-2024-57547
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files...
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...
CVE-2024-57547
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...
CVE-2024-57548
CMSimple 5.16 is affected by a vulnerability that allows editing the log.php file via the print page, due to incorrect directory path access restrictions. The issue supports remote exploitation through specially crafted GET requests, enabling an attacker to edit log.php and potentially access pro...
CVE-2024-57549
CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...
CVE-2024-57546
CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...
CMSimple 安全漏洞
CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to edit the log.php file via the print page...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...