Cmsmadesimple Cms_made_simple
154 CVEs affecting Cmsmadesimple Cms_made_simple. Latest disclosed: 2025-05-25. Critical: 8, High: 36.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-1527 | Critical | 9.8 | 2024-03-12 | Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security mea… |
| CVE-2018-10085 | Critical | 9.8 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.Login… |
| CVE-2018-10081 | Critical | 9.8 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beg… |
| CVE-2017-1000453 | Critical | 9.8 | 2018-01-02 | CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. |
| CVE-2017-17735 | Critical | 9.8 | 2017-12-18 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. |
| CVE-2017-17734 | Critical | 9.8 | 2017-12-18 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. |
| CVE-2017-16783 | Critical | 9.8 | 2017-11-10 | In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. |
| CVE-2017-6070 | Critical | 9.8 | 2017-02-21 | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter i… |
| CVE-2023-36969 | High | 8.8 | 2023-07-06 | CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. |
| CVE-2021-28999 | High | 8.8 | 2023-05-08 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News… |
| CVE-2021-40961 | High | 8.8 | 2022-06-09 | CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it… |
| CVE-2019-9056 | High | 8.8 | 2019-04-11 | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator… |
| CVE-2019-9061 | High | 8.8 | 2019-03-26 | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize ca… |
| CVE-2019-9057 | High | 8.8 | 2019-03-26 | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achiev… |
| CVE-2019-9055 | High | 8.8 | 2019-03-26 | An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with… |
| CVE-2019-9693 | High | 8.8 | 2019-03-11 | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter… |
| CVE-2018-10519 | High | 8.8 | 2018-04-27 | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE… |
| CVE-2018-1000158 | High | 8.8 | 2018-04-18 | cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url']… |
| CVE-2018-10084 | High | 8.8 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within… |
| CVE-2018-10031 | High | 8.8 | 2018-04-11 | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. |