9 matches found

added 2019/03/26 5:29 p.m., 221 views

CVE-2019-9055

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, ...

CVSS 8.8, AI score 8.7, EPSS 0.27589

added 2019/03/11 6:29 p.m., 66 views

CVE-2019-9692

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

CVSS 6.5, AI score 6.6, EPSS 0.57271

added 2019/11/26 11:15 p.m., 61 views

CVE-2011-4310

The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.

CVSS 7.5, AI score 7.5, EPSS 0.00233

added 2019/04/25 3:29 a.m., 49 views

CVE-2019-11513

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.

CVSS 4.8, AI score 4.9, EPSS 0.00288

added 2019/03/26 5:29 p.m., 46 views

CVE-2019-9057

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.

CVSS 8.8, AI score 8.7, EPSS 0.00781

added 2019/03/26 5:29 p.m., 44 views

CVE-2019-9061

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.

CVSS 8.8, AI score 8.6, EPSS 0.00781

added 2019/03/11 6:29 p.m., 37 views

CVE-2019-9693

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (paramete...

CVSS 8.8, AI score 9, EPSS 0.00357

added 2019/03/26 5:29 p.m., 36 views

CVE-2019-9059

An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature.

CVSS 7.2, AI score 7.6, EPSS 0.04139

added 2019/03/26 5:29 p.m., 34 views

CVE-2019-9058

An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.

CVSS 7.2, AI score 7.3, EPSS 0.01005