Cms Made Simple@2.2.7 Security Vulnerabilities and Issues — Cms Made Simple@2.2.7 CVE List

Lucene search

CmsmadesimpleCms Made Simple2.2.7

5 matches found

CVE•added 2018/04/27 6:29 p.m.•44 views

CVE-2018-10519

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists ...

8.8CVSS8.8AI score0.00377EPSS

CVE•added 2018/10/12 7:29 p.m.•37 views

CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

6.1CVSS6AI score0.0024EPSS

CVE•added 2018/10/12 7:29 p.m.•36 views

CVE-2018-18271

XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

6.1CVSS6AI score0.0024EPSS

CVE•added 2018/04/18 7:29 p.m.•34 views

CVE-2018-1000158

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attack...

8.8CVSS8.6AI score0.00431EPSS

CVE•added 2018/04/23 6:29 p.m.•32 views

CVE-2018-9921

In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.

5.3CVSS5.2AI score0.00353EPSS