12 matches found
EUVD-2020-9414
Malware in sbrugna...
EUVD-2018-11286
Malware in sbrugna...
Design/Logic Flaw
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798...
CVE-2020-17462
CMS Made Simple 2.2.14 is affected by an authenticated arbitrary file upload vulnerability in the File Manager due to not blocking .ptar files, a related issue to CVE-2017-16798. Multiple sources (NVD/CVE records, OpenVAS listing) note the issue affects 2.2.14 and, per OpenVAS, also 2.2.15 and ea...
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798...
Design/Logic Flaw
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798...
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798...
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798...
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798...
CMS Made Simple 2.2.3.1 Multiple Vulnerabilities
CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...
CVE-2017-16798
In CMS Made Simple 2.2.3.1, the isfileacceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by...
CVE-2017-16798
CMS Made Simple 2.2.3.1 is vulnerable in is_file_acceptable() in modules/FileManager/action.upload.php, which only blocks file extensions containing the substring “php” and fails for other extensions (e.g., .phtml, .pht, .html, .svg). This can bypass access restrictions and enable XSS via uploade...