Product:

Cms_made_simple

(Cmsmadesimple)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 151
Date Id Summary Products Score Patch Annotated
2019-03-11 CVE-2019-9693 In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). Cms_made_simple 8.8
2019-03-11 CVE-2019-9692 class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Cms_made_simple 6.5
2019-03-26 CVE-2019-9059 An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature. Cms_made_simple 7.2
2019-04-11 CVE-2019-9056 An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. Cms_made_simple 8.8
2019-03-26 CVE-2019-10107 CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. Cms_made_simple 5.4
2019-03-26 CVE-2019-10106 CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. Cms_made_simple 5.4
2019-03-26 CVE-2019-10105 CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. Cms_made_simple 5.4
2018-04-23 CVE-2018-9921 In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. Cms_made_simple 5.3
2018-03-12 CVE-2018-8058 CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. Cms_made_simple 4.8
2018-03-12 CVE-2018-7893 CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. Cms_made_simple 4.8