Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / cmsmadesimple

cmsmadesimple

158 tracked vulnerabilities.

CVE-2016-7904 HIGH

CMS Made Simple < 2.1.6 - Cross-Site Request Forgery via Admin User Creation

CVE-2016-2784 MEDIUM

CMS Made Simple 1.x < 1.12.2 and 2.x < 2.1.3 - Cache Poisoning and Cross-Site Scripting via HTTP Host Header

CMS Made Simple < 1.11.10 - Authenticated SQL Injection via News Module sortby Parameter

CMS Made Simple 1.11.10 - Cross-Site Scripting via ImageManager Editor Frame Action Parameter

CMS Made Simple - Authenticated Stored Cross-Site Scripting via Multiple Admin Parameters

CMS Made Simple 1.11.9 - Authenticated Cross-Site Scripting via editevent.php Handler Parameter

CMS Made Simple < 1.11.7 - Cross-Site Scripting

CMS Made Simple < 1.11.2.1 - Authenticated Path Traversal via deld Parameter

CMS Made Simple < 1.11.2 - Cross-Site Request Forgery via deld Parameter

CMS Made Simple < 1.10.3 - Cross-Site Scripting via Email Parameter

CVE-2011-4310 HIGH

CMS Made Simple < 1.9.4.3 - News Module Article Corruption via Improper Input Validation

CMS Made Simple 1.9.2 - Exposure of Sensitive Information via Direct PHP File Request

CMS Made Simple < 1.9.1 - Unspecified Vulnerability in News Module

CMS Made Simple < 1.8.1 - Cross-Site Request Forgery to Reset Admin Password

CMS Made Simple < 1.7.1 - Cross-Site Request Forgery in Change Group Permissions Module

CMS Made Simple <= 1.7.1 - Cross-Site Scripting via Multiple Input Modules

CMS Made Simple <1.8.1 - Path Traversal

CMS Made Simple < 1.7.1 - Cross-Site Scripting via date_format_string Parameter

CMS Made Simple 1.4.1 - Path Traversal

CMS Made Simple <1.2.2 - SQL Injection

CMS Made Simple 1.1.3.1 - Authenticated Privilege Escalation via Direct Request

CMS Made Simple 1.1.3.1 - Authenticated Arbitrary File Upload

CMS Made Simple 1.1.3.1 - Cross-Site Scripting via Anchor Tag and Listtags

CMS Made Simple 1.1.3.1 - Unauthenticated Path Disclosure via Direct File Request

ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter

Previous Page 6 of 7 Next

Products

cms_made_simple 154 form_builder 3 CMS Made Simple 1 bable\ 1 cmsmadesimple 1 file_manager 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy