Product
cmsmadesimple cms made simple
158 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-63678
CVE-2025-5153
CVE-2024-1529
CVE-2024-1528
CVE-2024-1527
CVE-2024-27625
CVE-2024-27623
CVE-2024-27622
CVE-2023-43352
CVE-2023-43360
CVE-2023-43358
CVE-2023-43357
CVE-2023-43356
CVE-2023-43355
CVE-2023-43354
CVE-2023-43353
CVE-2023-43359
CVE-2023-43872
CVE-2023-43339
CVE-2023-36970
CVE-2023-36969
CVE-2021-28999
CVE-2021-28998
CVE-2021-40961
CVE-2021-43154
CVE-2022-23907
CVE-2022-23906
CVE-2020-23481
CVE-2019-9060
CVE-2020-22732
CVE-2020-23241
CVE-2020-23240
CVE-2020-36416
CVE-2020-36415
CVE-2020-36414
CVE-2020-36413
CVE-2020-36412
CVE-2020-36411
CVE-2020-36410
CVE-2020-36409
CVE-2020-36408
CVE-2020-27377
CVE-2021-28935
CVE-2020-20138
CVE-2020-24860
CVE-2020-22842
CVE-2020-17462
CVE-2020-14926
CVE-2020-13660
CVE-2020-10682
CVE-2020-10681
CVE-2011-4310
CVE-2019-17630
CVE-2019-17629
CVE-2019-17226
CVE-2019-1010290
CVE-2019-11226
CVE-2019-11513
CVE-2019-9056
CVE-2019-10107
CVE-2019-10106
CVE-2019-10105
CVE-2019-9061
CVE-2019-9059
CVE-2019-9058
CVE-2019-9057
CVE-2019-9055
CVE-2019-9053
CVE-2019-10017
CVE-2019-9693
CVE-2019-9692
CVE-2018-20464
CVE-2018-19597
CVE-2018-18271
CVE-2018-18270
CVE-2018-10523
CVE-2018-10522
CVE-2018-10521
CVE-2018-10520
CVE-2018-10519
CVE-2018-10518
CVE-2018-10517
CVE-2018-10516
CVE-2018-10515
CVE-2018-9921
CVE-2018-1000158
CVE-2018-10086
CVE-2018-10085
CVE-2018-10084
CVE-2018-10083
CVE-2018-10082
CVE-2018-10081
CVE-2018-10033
CVE-2018-10032
CVE-2018-10031
CVE-2018-10030
CVE-2018-10029
CVE-2018-1000092
CVE-2018-1000094
CVE-2018-8058
CVE-2018-7893
CVE-2018-7448
CVE-2018-5965
CVE-2018-5964
CVE-2018-5963
CVE-2017-1000454
CVE-2017-1000453
CVE-2017-17735
CVE-2017-17734
CVE-2017-16799
CVE-2017-16798
CVE-2017-16784
CVE-2017-16783
CVE-2017-11405
CVE-2017-11404
CVE-2017-9668
CVE-2017-8912
CVE-2017-7257
CVE-2017-7256
CVE-2017-7255
CVE-2017-6556
CVE-2017-6555
CVE-2017-6072
CVE-2017-6071
CVE-2017-6070
CVE-2016-7904
CVE-2016-2784
CVE-2014-2245
CVE-2014-2092
CVE-2014-0334
CVE-2013-3929
CVE-2013-4167
CVE-2012-6064
CVE-2012-5450
CVE-2012-1992
CVE-2011-3718
CVE-2010-4663
CVE-2010-3884
CVE-2010-3883
CVE-2010-3882
CVE-2010-2797
CVE-2010-1482
CVE-2008-5642
CVE-2008-2267
CVE-2007-6656
CVE-2007-5444
CVE-2007-5443
CVE-2007-5442
CVE-2007-5441
CVE-2007-5056
CVE-2007-2473
CVE-2007-0610
CVE-2007-0551
CVE-2006-6845
CVE-2006-6844
CVE-2005-3083
CVE-2005-2846
CVE-2005-2392
all versions
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22
all versions
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown pr
all versions
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scrip
all versions
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vuln
all versions
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated us
all versions
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module
all versions
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design
all versions
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.
all versions
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted scrip
all versions
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scriptin
all versions
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted
all versions
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HT
all versions
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
<= 2.2.15
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sor
<= 2.2.15
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted
<= 2.2.15
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is conc
all versions
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in modulein
all versions
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmess
all versions
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. T
all versions
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbi
all versions
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions mod
all versions
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
all versions
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
all versions
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scr
all versions
A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simp
all versions
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferen
all versions
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
all versions
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payl
< 2.2.15
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterfa
all versions
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related i
all versions
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
<= 2.2.14
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
all versions
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] t
all versions
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.p
< 1.9.4.3
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
all versions
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
all versions
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" sc
all versions
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
<= 0.4.1
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to r
all versions
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content - Content Manager - News.
<= 2.2.10
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
all versions
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or cl
all versions
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences - My Accoun
all versions
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "S
all versions
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a
<= 2.2.8
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possib
<= 2.2.8
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by m
<= 2.2.8
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a cr
<= 2.2.8
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an un
<= 2.2.8
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.a
all versions
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthent
all versions
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the
< 2.2.10
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the func
< 2.2.10
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file
all versions
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an a
all versions
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
all versions
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content--News--Add Article
all versions
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content--News--Add Arti
<= 2.2.7
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_te
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclo
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vul
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion
all versions
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion v
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vu
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disc
<= 2.2.7
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vuln
all versions
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outsid
all versions
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "
<= 2.2.7
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implem
<= 2.2.6
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib
<= 2.2.6
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging
<= 2.2.7
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory trave
<= 2.2.7
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting w
<= 2.2.7
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared,
<= 2.2.7
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
<= 2.2.7
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
<= 2.2.7
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
<= 2.2.7
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
<= 2.2.7
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepen
all versions
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can re
all versions
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenti
all versions
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
all versions
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.
all versions
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers
all versions
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
all versions
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
all versions
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
< 2.2
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file rea
< 2.2
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthentic
< 2.2.5
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
< 2.2.5
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
all versions
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/modul
all versions
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions t
all versions
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
all versions
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
all versions
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to adm
all versions
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/mod
all versions
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS
all versions
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to a
all versions
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content--News--Add Article" feature via the m1_content parameter. Someone must lo
all versions
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content--News--Add Article" feature via the m1_summary parameter. Someone must lo
all versions
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content--News--Add Article" feature via the m1_title parameter. Someone must logi
all versions
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary we
all versions
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users
<= 1.12.2
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks
<= 1.12.2
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks
<= 1.12.2
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_fo
<= 2.1.5
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authenticati
all versions
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache po
<= 1.11.9
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with th
all versions
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote
all versions
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web sc
all versions
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated user
<= 1.11.6
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web
<= 1.11.2
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows rem
<= 1.11.2
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and e
<= 1.10.3
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to in
all versions
CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which r
<= 1.9
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.
<= 1.8.1
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authent
<= 1.7.1
Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows
<= 1.7.1
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrar
<= 1.6.8
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to incl
<= 1.7
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow
all versions
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via
all versions
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier all
<= 1.2.2
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers
all versions
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
all versions
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web scri
all versions
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated us
all versions
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated use
all versions
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made S
<= 1.0.5
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQ
all versions
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary
all versions
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary
all versions
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web scr
all versions
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to i
all versions
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web scri
all versions
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitra
all versions
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web