cmsmadesimple

158 tracked vulnerabilities.

CVE-2018-10523 MEDIUM
CMS Made Simple < 2.2.7 - Physical Path Leakage via DesignManager or FileManager Endpoints
Apr 27, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-10522 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Sensitive Information Disclosure via File View Operation
Apr 27, 2018
CVSS 4.9
EPSS 0.00
CVE-2018-10521 LOW
CMS Made Simple < 2.2.7 - Authenticated Arbitrary File Movement via Admin Dashboard File Move Operation
Apr 27, 2018
CVSS 2.7
EPSS 0.00
CVE-2018-10520 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Arbitrary File Deletion via Module Remove Operation
Apr 27, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-10519 HIGH
CMS Made Simple 2.2.7 - Privilege Escalation via Cookie eff_uid Manipulation
Apr 27, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-10518 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Arbitrary File Deletion via Admin Dashboard
Apr 27, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-10517 HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Module Import XML Package
Apr 27, 2018
CVSS 7.2
EPSS 0.18
CVE-2018-10516 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Sensitive Information Disclosure via File Rename Operation
Apr 27, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-10515 HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via File Unpack Operation
Apr 27, 2018
CVSS 7.2
EPSS 0.03
CVE-2018-9921 MEDIUM
CMS Made Simple 2.2.7 - Path Traversal via Admin Checksum Endpoint
Apr 23, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-1000158 HIGH
cmsmadesimple <2.2.7 - Privilege Escalation
Apr 18, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-10086 HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Test Function Eval Bypass
Apr 13, 2018
CVSS 7.2
EPSS 0.01
CVE-2018-10085 CRITICAL
CMS Made Simple < 2.2.6 - Remote Code Execution via Unserialize in LoginOperations
Apr 13, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-10084 HIGH
CMSMS <2.2.6 - Privilege Escalation
Apr 13, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-10083 HIGH
CMS Made Simple < 2.2.7 - Arbitrary File Deletion via Directory Traversal in FilePicker Module
Apr 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-10082 MEDIUM
CMS Made Simple < 2.2.7 - Physical Path Leakage via Invalid Page Parameter or Direct Request
Apr 13, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-10081 CRITICAL
CMS Made Simple < 2.2.7 - Admin Password Reset via Weak Hash Comparison
Apr 13, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-10033 MEDIUM
CMS Made Simple < 2.2.7 - Stored Cross-Site Scripting via Metadata Parameter
Apr 11, 2018
CVSS 4.8
EPSS 0.00
CVE-2018-10032 MEDIUM
CMS Made Simple < 2.2.7 - Reflected Cross-Site Scripting via m1_version Parameter
Apr 11, 2018
CVSS 4.8
EPSS 0.00
CVE-2018-10031 HIGH
CMS Made Simple < 2.2.7 - Cross-Site Request Forgery in admin/moduleinterface.php
Apr 11, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-10030 HIGH
CMS Made Simple < 2.2.7 - Cross-Site Request Forgery in admin/siteprefs.php
Apr 11, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-10029 MEDIUM
CMS Made Simple < 2.2.7 - Reflected Cross-Site Scripting via m1_name Parameter
Apr 11, 2018
CVSS 4.8
EPSS 0.00
CVE-2018-1000092 HIGH
CMS Made Simple 2.2.5 - Cross-Site Request Forgery in Admin Profile Page
Mar 13, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-1000094 HIGH
CMS Made Simple <2.2.5 - Authenticated RCE
Mar 13, 2018
CVSS 7.2
EPSS 0.55
CVE-2018-8058 MEDIUM
CMS Made Simple 2.2.6 - Stored Cross-Site Scripting via pagedata Parameter
Mar 12, 2018
CVSS 4.8
EPSS 0.00
Products
cms_made_simple 154 form_builder 3 CMS Made Simple 1 bable\ 1 cmsmadesimple 1 file_manager 1
Quick Filters
Critical CVEs With Exploits In CISA KEV