Product
cmsimple
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-47735
all versions
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP
8.8
HIGH
CVE-2021-47734
all versions
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session f
7.8
HIGH
CVE-2021-47733
all versions
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicod
6.1
MEDIUM
CVE-2021-47732
all versions
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to
6.1
MEDIUM
CVE-2024-58280
all versions
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and
8.8
HIGH
CVE-2024-57549
all versions
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request
7.5
HIGH
CVE-2024-57548
all versions
CMSimple 5.16 allows the user to edit log.php file via print page.
9.1
CRITICAL
CVE-2024-57547
all versions
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted scrip
7.5
HIGH
CVE-2024-57546
all versions
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link fun
7.5
HIGH
CVE-2024-33423
all versions
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts
7.4
HIGH
CVE-2024-33424
all versions
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web script
6.1
MEDIUM
CVE-2024-32392
all versions
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php com
4.5
MEDIUM
CVE-2024-32345
all versions
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web script
7.2
HIGH
CVE-2024-32344
all versions
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web script
6.8
MEDIUM
CVE-2021-43741
all versions
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on
9.8
CRITICAL
CVE-2021-43742
all versions
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
5.4
MEDIUM
CVE-2018-19508
all versions
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.
4.8
MEDIUM
CVE-2018-19507
all versions
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.
4.8
MEDIUM
CVE-2014-2219
<= 3.5.4
Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before F
CVE-2008-2650
all versions
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers t
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin