CVE-2018-20464
- EPSS 0.24%
- Published 25.12.2018 23:29:00
- Last modified 21.11.2024 04:01:32
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email addre...
CVE-2018-19597
- EPSS 0.24%
- Published 19.12.2018 19:29:00
- Last modified 21.11.2024 03:58:15
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
CVE-2018-18270
- EPSS 0.24%
- Published 12.10.2018 19:29:00
- Last modified 21.11.2024 03:55:37
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
CVE-2018-18271
- EPSS 0.24%
- Published 12.10.2018 19:29:00
- Last modified 21.11.2024 03:55:37
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
CVE-2018-10515
- EPSS 2.61%
- Published 27.04.2018 18:29:00
- Last modified 21.11.2024 03:41:28
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
CVE-2018-10516
- EPSS 0.41%
- Published 27.04.2018 18:29:00
- Last modified 21.11.2024 03:41:28
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
CVE-2018-10517
- EPSS 17.79%
- Published 27.04.2018 18:29:00
- Last modified 21.11.2024 03:41:28
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
CVE-2018-10518
- EPSS 0.21%
- Published 27.04.2018 18:29:00
- Last modified 21.11.2024 03:41:29
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all dir...
CVE-2018-10519
- EPSS 0.36%
- Published 27.04.2018 18:29:00
- Last modified 21.11.2024 03:41:29
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through H...
CVE-2018-10520
- EPSS 0.21%
- Published 27.04.2018 18:29:00
- Last modified 21.11.2024 03:41:29
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all d...