11 matches found
CVE-2024-22714
Stupid Simple CMS
CVE-2024-22715
Summary (from provided records): Stupid Simple CMS
CVE-2024-27558
CVE-2024-27558 affects Stupid Simple CMS 1.2.4. The vulnerability is a Cross Site Scripting (XSS) flaw in the blog title field within the settings UI. Affected software is the Stupid Simple CMS product; the exact vulnerable component is the blog title input handling in the settings page. The desc...
CVE-2024-27689
The vulnerability CVE-2024-27689 affects Stupid Simple CMS v1.2.4 and is a Cross-Site Request Forgery (CSRF) via /update-article.php. CVSSv3.1 base score 8.8 (HIGH); attack vector Network, privileges required NONE, user interaction REQUIRED, confidentiality/integrity/availability HIGH. Connec...
CVE-2024-3202
CVE-2024-3202 affects codelyfe Stupid Simple CMS 1.2.4 Login Page. The issue is inadequate restriction of excessive authentication attempts (no rate limiting), enabling remote abuse. Exploitation is publicly disclosed; attack complexity is high per source data. No concrete patch/version fix detai...
CVE-2024-27559
CVE-2024-27559 – Stupid Simple CMS: A CSRF vulnerability exists in Stupid Simple CMS v1.2.4 via the component /save_settings.php. The CVSS 3.1 base metrics indicate a MEDIUM severity (6.3) with network attack vector, low attack complexity, and LOW impact on confidentiality, integrity, and availa...
CVE-2023-7040
CVE-2023-7040 affects codelyfe Stupid Simple CMS up to v1.2.4. The vulnerability is in /file-manager/rename.php where manipulation of the oldName argument enables path traversal to ../filedir. It can be exploited remotely and has public disclosure. The vulnerability is tracked as VDB-248689. Miti...
CVE-2023-7041
CVE-2023-7041 details a path traversal vulnerability in codelyfe Stupid Simple CMS
CVE-2023-6907
The CVE-2023-6907 entry concerns codelyfe Stupid Simple CMS (versions up to 1.2.4). The vulnerability affects the Deletion Interface’s file-manager delete.php, where manipulation of the file parameter leads to improper authentication. Public exploit details exist, indicating potential exploitatio...
CVE-2023-6902
CVE-2023-6902 affects codelyfe Stupid Simple CMS up to version 1.2.4. The vulnerability resides in the file /file-manager/upload.php, where manipulation of the file parameter enables unrestricted file upload. The description indicates the exploit has been disclosed publicly, posing a risk of remo...
CVE-2023-6901
CVE-2023-6901 affects codelyfe Stupid Simple CMS versions up to 1.2.3. The vulnerability lies in the HTTP POST Request Handler’s file /terminal/handle-command.php, where using the argument with input “whoami” enables an OS command injection. The issue is exploitable remotely and an exploit has be...