Cmsmadesimple Cms_made_simple

154 CVEs affecting Cmsmadesimple Cms_made_simple. Latest disclosed: 2025-05-25. Critical: 8, High: 36.

Top CVEs affecting Cmsmadesimple Cms_made_simple
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-1527 | Critical | 9.8 | 2024-03-12 | Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security mea… |
| CVE-2018-10085 | Critical | 9.8 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.Login… |
| CVE-2018-10081 | Critical | 9.8 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beg… |
| CVE-2017-1000453 | Critical | 9.8 | 2018-01-02 | CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. |
| CVE-2017-17735 | Critical | 9.8 | 2017-12-18 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. |
| CVE-2017-17734 | Critical | 9.8 | 2017-12-18 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. |
| CVE-2017-16783 | Critical | 9.8 | 2017-11-10 | In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. |
| CVE-2017-6070 | Critical | 9.8 | 2017-02-21 | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter i… |
| CVE-2023-36969 | High | 8.8 | 2023-07-06 | CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. |
| CVE-2021-28999 | High | 8.8 | 2023-05-08 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News… |
| CVE-2021-40961 | High | 8.8 | 2022-06-09 | CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it… |
| CVE-2019-9056 | High | 8.8 | 2019-04-11 | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator… |
| CVE-2019-9061 | High | 8.8 | 2019-03-26 | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize ca… |
| CVE-2019-9057 | High | 8.8 | 2019-03-26 | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achiev… |
| CVE-2019-9055 | High | 8.8 | 2019-03-26 | An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with… |
| CVE-2019-9693 | High | 8.8 | 2019-03-11 | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter… |
| CVE-2018-10519 | High | 8.8 | 2018-04-27 | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE… |
| CVE-2018-1000158 | High | 8.8 | 2018-04-18 | cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url']… |
| CVE-2018-10084 | High | 8.8 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within… |
| CVE-2018-10031 | High | 8.8 | 2018-04-11 | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. |