Cmsimple Security Vulnerabilities


CVE-2008-2650

Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.p...

7.3 AI Score

0.063 EPSS

2008-06-10 06:32 PM

CVE-2014-2219

Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.

5.8 AI Score

0.002 EPSS

2014-03-20 04:55 PM

CVE-2018-19507

CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-12-19 07:29 PM

CVE-2018-19508

CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-12-19 07:29 PM

CVE-2021-43741

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution.

9.8 CVSS

9.6 AI Score

0.005 EPSS

2022-04-13 02:15 PM

CVE-2021-43742

CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-04-13 01:15 PM