CVE-2019-10107
- EPSS 0.25%
- Published 26.03.2019 22:29:00
- Last modified 21.11.2024 04:18:25
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
CVE-2019-9053
- EPSS 92.58%
- Published 26.03.2019 17:29:01
- Last modified 17.11.2025 20:15:48
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
CVE-2019-9055
- EPSS 27.55%
- Published 26.03.2019 17:29:01
- Last modified 21.11.2024 04:50:53
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call wi...
CVE-2019-9057
- EPSS 0.78%
- Published 26.03.2019 17:29:01
- Last modified 21.11.2024 04:50:54
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
CVE-2019-9058
- EPSS 1.01%
- Published 26.03.2019 17:29:01
- Last modified 21.11.2024 04:50:54
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
CVE-2019-9059
- EPSS 4.14%
- Published 26.03.2019 17:29:01
- Last modified 21.11.2024 04:50:54
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching th...
CVE-2019-9061
- EPSS 0.78%
- Published 26.03.2019 17:29:01
- Last modified 21.11.2024 04:50:54
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install mo...
CVE-2019-10017
- EPSS 0.25%
- Published 24.03.2019 22:29:00
- Last modified 21.11.2024 04:18:13
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
CVE-2019-9692
- EPSS 54.66%
- Published 11.03.2019 18:29:00
- Last modified 21.11.2024 04:52:07
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVE-2019-9693
- EPSS 0.36%
- Published 11.03.2019 18:29:00
- Last modified 21.11.2024 04:52:07
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo...