6 matches found
CVE-2017-6072
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
CVE-2017-6071
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
CVE-2017-17735
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVE-2017-17734
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
CVE-2016-7904
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.