CMS Made Simple 2.2.11

CPE Details

CMS Made Simple 2.2.11
cmsmadesimple
cms_made_simple
2.2.11
2019-10-11
16h23 +00:00
2019-10-11
16h23 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.11:*:*:*:*:*:*:*

Informations

Vendor

cmsmadesimple

Product

cms_made_simple

Version

2.2.11

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-28998 2023-05-08 00h00 +00:00 File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
7.2
Haute
CVE-2021-28999 2023-05-08 00h00 +00:00 SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
8.8
Haute
CVE-2021-40961 2022-06-08 22h00 +00:00 CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
8.8
Haute
CVE-2020-22842 2020-09-30 01h12 +00:00 CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
5.4
Moyen
CVE-2020-13660 2020-05-28 16h53 +00:00 CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
4.8
Moyen
CVE-2019-17629 2019-10-16 10h24 +00:00 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
4.8
Moyen
CVE-2019-17630 2019-10-16 10h23 +00:00 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
4.8
Moyen
CVE-2019-17226 2019-10-06 15h04 +00:00 CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
4.8
Moyen
CVE-2017-1000453 2018-01-02 17h00 +00:00 CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
9.8
Critique
CVE-2017-1000454 2018-01-02 17h00 +00:00 CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
7.8
Haute
CVE-2014-0334 2014-03-02 16h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
3.5
CVE-2007-5056 2007-09-24 20h00 +00:00 Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
6.8