CMS Made Simple 2.2.19

CPE Details

CMS Made Simple 2.2.19
cmsmadesimple
cms_made_simple
2.2.19
2025-03-28
15h12 +00:00
2025-03-28
15h12 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.19:*:*:*:*:*:*:*

Informations

Vendor

cmsmadesimple

Product

cms_made_simple

Version

2.2.19

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-27622 2024-03-04 23h00 +00:00 A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.
7.2
Haute
CVE-2024-27623 2024-03-04 23h00 +00:00 CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
5.9
Moyen
CVE-2024-27625 2024-03-04 23h00 +00:00 CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.
4.8
Moyen
CVE-2017-1000453 2018-01-02 17h00 +00:00 CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
9.8
Critique
CVE-2017-1000454 2018-01-02 17h00 +00:00 CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
7.8
Haute
CVE-2014-0334 2014-03-02 16h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
3.5
CVE-2007-5056 2007-09-24 20h00 +00:00 Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
6.8
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.