CMS Made Simple

An issue in CMSmadesimple v.2.2.18

CVE-2023-43352 7.8 - High - October 26, 2023

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43360 5.4 - Medium - October 25, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43358 5.4 - Medium - October 23, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43353 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43354 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43355 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43356 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43357 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43359 5.4 - Medium - October 19, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.

XSS

A File upload vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43872 5.4 - Medium - September 28, 2023

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

XSS

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18

CVE-2023-43339 6.1 - Medium - September 25, 2023

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.

XSS

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution

CVE-2023-36969 8.8 - High - July 06, 2023

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.

Unrestricted File Upload

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17

CVE-2023-36970 5.4 - Medium - July 06, 2023

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.

XSS

SQL Injection vulnerability in CMS Made Simple through 2.2.15

CVE-2021-28999 8.8 - High - May 08, 2023

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.

SQL Injection

File upload vulnerability in CMS Made Simple through 2.2.15

CVE-2021-28998 7.2 - High - May 08, 2023

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.

Unrestricted File Upload

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php

CVE-2021-40961 8.8 - High - June 09, 2022

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

SQL Injection

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15

CVE-2021-43154 6.1 - Medium - April 13, 2022

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

XSS

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function

CVE-2022-23906 7.2 - High - February 28, 2022

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

Unrestricted File Upload

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability

CVE-2022-23907 6.1 - Medium - February 28, 2022

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

XSS

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which

CVE-2020-23481 5.4 - Medium - September 22, 2021

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.

XSS

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9060 7.5 - High - September 17, 2021

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).

Directory traversal

CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker

CVE-2020-22732 4.8 - Medium - August 05, 2021

CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..

XSS

Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra"

CVE-2020-23241 4.8 - Medium - July 26, 2021

Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.

XSS

Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14

CVE-2020-23240 4.8 - Medium - July 26, 2021

Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36410 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36416 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36411 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36412 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36413 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36414 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36415 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36409 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.

XSS

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14

CVE-2020-36408 5.4 - Medium - July 02, 2021

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.

XSS

A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which

CVE-2020-27377 4.8 - Medium - June 01, 2021

A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.

XSS

CMS Made Simple (CMSMS) 2.2.15

CVE-2021-28935 5.4 - Medium - March 30, 2021

CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.

XSS

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

CVE-2020-20138 6.1 - Medium - December 17, 2020

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

XSS

CMS Made Simple 2.2.14

CVE-2020-24860 5.4 - Medium - October 01, 2020

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.

XSS

CMS Made Simple before 2.2.15

CVE-2020-22842 5.4 - Medium - September 30, 2020

CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.

XSS

CMS Made Simple through 2.2.14

CVE-2020-13660 4.8 - Medium - May 28, 2020

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.

XSS

The Filemanager in CMS Made Simple 2.2.13 has stored XSS

CVE-2020-10681 5.4 - Medium - March 20, 2020

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.

XSS

The Filemanager in CMS Made Simple 2.2.13

CVE-2020-10682 7.8 - High - March 20, 2020

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).

Unrestricted File Upload

CMS Made Simple (CMSMS) 2.2.11

CVE-2019-17629 4.8 - Medium - October 16, 2019

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.

XSS

CMS Made Simple (CMSMS) 2.2.11

CVE-2019-17630 4.8 - Medium - October 16, 2019

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.

XSS

CMS Made Simple (CMSMS) 2.2.11

CVE-2019-17226 4.8 - Medium - October 06, 2019

CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.

XSS

CMS Made Simple 2.2.10 has XSS

CVE-2019-11226 5.4 - Medium - June 05, 2019

CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.

XSS

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS

CVE-2019-11513 4.8 - Medium - April 25, 2019

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.

XSS

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9056 8.8 - High - April 11, 2019

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.

Marshaling, Unmarshaling

CMS Made Simple 2.2.10 has a Self-XSS vulnerability

CVE-2019-10105 5.4 - Medium - March 26, 2019

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.

XSS

CMS Made Simple 2.2.10 has XSS

CVE-2019-10106 5.4 - Medium - March 26, 2019

CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.

XSS

CMS Made Simple 2.2.10 has XSS

CVE-2019-10107 5.4 - Medium - March 26, 2019

CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.

XSS

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9057 8.8 - High - March 26, 2019

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.

Marshaling, Unmarshaling

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9055 8.8 - High - March 26, 2019

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.

Marshaling, Unmarshaling

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9053 8.1 - High - March 26, 2019

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

SQL Injection

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9059 7.2 - High - March 26, 2019

An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature.

Command Injection

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9058 7.2 - High - March 26, 2019

An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.

Prototype Pollution

An issue was discovered in CMS Made Simple 2.2.8

CVE-2019-9061 8.8 - High - March 26, 2019

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.

Marshaling, Unmarshaling

CMS Made Simple 2.2.10 has XSS

CVE-2019-10017 5.4 - Medium - March 24, 2019

CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.

XSS

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php

CVE-2019-9693 8.8 - High - March 11, 2019

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).

SQL Injection

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure

CVE-2019-9692 6.5 - Medium - March 11, 2019

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

Unrestricted File Upload

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php

CVE-2018-20464 6.1 - Medium - December 25, 2018

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.

XSS

CMS Made Simple 2.2.8

CVE-2018-19597 4.8 - Medium - December 19, 2018

CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.

XSS

XSS exists in CMS Made Simple version 2.2.7

CVE-2018-18271 6.1 - Medium - October 12, 2018

XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

XSS

XSS exists in CMS Made Simple version 2.2.7

CVE-2018-18270 6.1 - Medium - October 12, 2018

XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

XSS

In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability

CVE-2018-10520 6.5 - Medium - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.

Incorrect Permission Assignment for Critical Resource

In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user

CVE-2018-10515 7.2 - High - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.

Code Injection

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user

CVE-2018-10516 6.5 - Medium - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.

Information Disclosure

In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user

CVE-2018-10517 7.2 - High - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.

Code Injection

In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability

CVE-2018-10518 6.5 - Medium - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.

Incorrect Permission Assignment for Critical Resource

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1

CVE-2018-10519 8.8 - High - April 27, 2018

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.

Incorrect Permission Assignment for Critical Resource

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability

CVE-2018-10521 2.7 - Low - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.

Unrestricted File Upload

In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users

CVE-2018-10522 4.9 - Medium - April 27, 2018

In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.

Information Disclosure

CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability

CVE-2018-10523 5.3 - Medium - April 27, 2018

CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.

Information Disclosure

In CMS Made Simple 2.2.7

CVE-2018-9921 5.3 - Medium - April 23, 2018

In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.

Directory traversal

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url']

CVE-2018-1000158 8.8 - High - April 18, 2018

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker controlled server can be created by using a host header attack.

Incorrect Permission Assignment for Critical Resource

CMS Made Simple (CMSMS) through 2.2.6

CVE-2018-10085 9.8 - Critical - April 13, 2018

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.

Marshaling, Unmarshaling

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability

CVE-2018-10081 9.8 - Critical - April 13, 2018

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.

Weak Password Recovery Mechanism for Forgotten Password

CMS Made Simple (CMSMS) through 2.2.7

CVE-2018-10082 5.3 - Medium - April 13, 2018

CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.

Information Disclosure

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request

CVE-2018-10083 7.5 - High - April 13, 2018

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.

Directory traversal

CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1

CVE-2018-10084 8.8 - High - April 13, 2018

CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.

Use of a Broken or Risky Cryptographic Algorithm

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard

CVE-2018-10086 7.2 - High - April 13, 2018

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.

Code Injection

CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php

CVE-2018-10033 4.8 - Medium - April 11, 2018

CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.

XSS

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php

CVE-2018-10032 4.8 - Medium - April 11, 2018

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.

XSS

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.

CVE-2018-10031 8.8 - High - April 11, 2018

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.

Session Riding

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.

CVE-2018-10030 8.8 - High - April 11, 2018

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.

Session Riding

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php

CVE-2018-10029 4.8 - Medium - April 11, 2018

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.

XSS

CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page

CVE-2018-1000092 8.8 - High - March 13, 2018

CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6.

Session Riding

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager

CVE-2018-1000094 7.2 - High - March 13, 2018

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.

Unrestricted File Upload

CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php

CVE-2018-8058 4.8 - Medium - March 12, 2018

CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.

XSS

CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php

CVE-2018-7893 4.8 - Medium - March 12, 2018

CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.

XSS

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6

CVE-2018-7448 7.5 - High - February 26, 2018

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.

Shell injection

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php

CVE-2018-5964 4.8 - Medium - January 25, 2018

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.

XSS

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php

CVE-2018-5965 4.8 - Medium - January 25, 2018

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.

XSS

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php

CVE-2018-5963 4.8 - Medium - January 25, 2018

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.

XSS

CMS Made Simple (CMSMS) 2.1.6

CVE-2017-8912 7.2 - High - May 12, 2017

CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.

Code Injection

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter

CVE-2017-7257 5.4 - Medium - March 24, 2017

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.

XSS

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter

CVE-2017-7256 5.4 - Medium - March 24, 2017

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.

XSS

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter

CVE-2017-7255 5.4 - Medium - March 24, 2017

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.

XSS