CPE Details
CMSimple CMSimple 2.4 Beta 4
2.4
2007-08-23
19h16 +00:00
19h16 +00:00
2008-04-14
18h20 +00:00
18h20 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:cmsmadesimple:cms_made_simple:2.4:beta4:*:*:*:*:*:*
Informations
Vendor
cmsmadesimpleProduct
cms_made_simpleVersion
2.4Update
beta4Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 9.8 |
Critique |
||
| CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 7.8 |
Haute |
||
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092. | 3.5 |
|||
| Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | 6.8 |
|||
| Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. | 4.3 |
2025©
tesweb SA
