Cms Made Simple@2.2.8 Security Vulnerabilities and Issues — Cms Made Simple@2.2.8 CVE List

Lucene search

CmsmadesimpleCms Made Simple2.2.8

5 matches found

CVE•added 2019/03/26 5:29 p.m.•224 views

CVE-2019-9053

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

8.1CVSS8.2AI score0.92225EPSS

CVE•added 2021/09/17 4:15 p.m.•49 views

CVE-2019-9060

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file conten...

7.5CVSS7.7AI score0.00415EPSS

CVE•added 2018/12/19 7:29 p.m.•38 views

CVE-2018-19597

CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.

4.8CVSS5.1AI score0.0027EPSS

CVE•added 2019/04/11 8:29 p.m.•37 views

CVE-2019-9056

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection.

8.8CVSS8.7AI score0.01225EPSS

CVE•added 2018/12/25 11:29 p.m.•28 views

CVE-2018-20464

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.

6.1CVSS5.9AI score0.0024EPSS