Simple-cms Project Security Vulnerabilities
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file admin/pages/useredit.php with a newer version. USOC version...
7.2CVSS
7AI Score
0.002EPSS
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...
10CVSS
9.8AI Score
0.002EPSS
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...
9.1CVSS
7.3AI Score
0.001EPSS
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via...
8.8CVSS
8.7AI Score
0.002EPSS
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via...
8.8CVSS
8.6AI Score
0.001EPSS