66 matches found
EUVD-2011-4244
Malware in sbrugna...
CMSMS 2.2.19 Arbitrary File Upload
Title: cmsms-2.2.19 - File Upload - RCE Author: nu11secur1ty Date: 12/29/2023 Vendor: https://www.cmsmadesimple.org/ Software: https://www.cmsmadesimple.org/downloads-header/cmsms/ Reference: https://portswigger.net/web-security/file-upload,...
Remote Code Execution (RCE)
torfs-ict/cmsms is vulnerable to Remote Code Execution. The vulnerability exists because the library does not properly validate uploaded files, allowing an attacker to upload and execute a malicious file...
SQL Injection
torfs-ict/cmsms is vulnerable to SQL Injection attacks. The vulnerability exists in the m1sortby parameter in function.adminarticlestab.php due to improperly validated parameters, allowing a remote attacker to inject arbitrary SQL commands...
CVE-2022-29664
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/plsave...
CVE-2020-22732
CMS Made Simple (CMSMS) in version 2.2.14 is affected by a stored XSS vulnerability exploitable via the Extensions > File Picker. The issue is documented under CVE-2020-22732 across multiple sources (NVD, Red Hat, OpenVAS, etc.). Details in the connected documents confirm the affected product a...
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 is affected by an authenticated cross‑site scripting (XSS) vulnerability in /admin/addbookmark.php via Site Admin > My Preferences > Title field. The issue allows an authenticated user to inject scripts, with CVSS:3.1 base score 5.4 (MEDIUM) and CVSS2 base sco...
CVE-2020-20138
CMS Made Simple (CMSMS) Showtime2 Slideshow module in version 2.2.4 contains a Cross‑Site Scripting (XSS) vulnerability. The available documents confirm the affected component and version but do not provide details on the root cause, exploit vector, or specific impact in context beyond the XSS la...
CVE-2011-4310
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles...
Code injection
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles...
CVE-2011-4310
CVE-2011-4310 corresponds to a vulnerability in the News module of CMS Made Simple (CMSMS) prior to version 1.9.4.3. The issue allows remote attackers to corrupt newly written articles. Affected products: CMSMS, with the News module as the vulnerable component; vulnerable scope is versions earlie...
CVE-2019-17630
CMS Made Simple CMSMS 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News Add Article" screen...
CVE-2019-17629
CMS Made Simple CMSMS 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager upload images" screen...
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 is affected by a stored cross‑site scripting (XSS) flaw. An admin can inject malicious content via a crafted image filename in the file manager > upload images screen, which is stored and later rendered in the application. The root cause is not explicitly detaile...
CVE-2019-17630
CMS Made Simple (CMSMS) version 2.2.11 contains a stored XSS vulnerability that can be triggered by an admin submitting a crafted image filename on the News > Add Article screen. The issue appears to be tied to how image filenames are processed and stored, enabling script execution in the admi...
CVE-2019-17226
Summary: CVE-2019-17226 affects CMS Made Simple (CMSMS) 2.2.11, enabling cross-site scripting via the Site Admin > Module Manager > Search Term field. The vulnerability is evidenced in multiple sources (NVD entry mirrors the description). Some open-source scanner data (OpenVAS) indicates a ...
CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution Exploit
This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple CMSMS. An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtim...
CVE-2019-9693
CMS Made Simple (CMSMS) vulnerability CVE-2019-9693 affects CMSMS up to version 2.2.10. An authenticated user can exploit a SQL Injection in class.showtime2_data.php via multiple functions (_updateshow with show_id, _inputshow with show_id, _Getshowinfo with show_id, _Getpictureinfo with picture_...
Babel 0.4.1 Open Redirection
Affected Software: Babel: Multilingual Site module for CMS Made Simple Affected Version: 0.4.1 and earlier Patched Version: None - project is no longer under development CVE Identifier: TBD Vulnerability type: CWE-601: URL Redirection to Untrusted Site 'Open Redirect' Severity Rating: CVSS v3 Bas...