Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5056 | 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more | 6 Adodb Lite, Cms Made Simple, Journalness and 3 more | 2026-04-23 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | |||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5441 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | 6.5 MEDIUM | N/A |
| CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request. | |||||
| CVE-2008-5642 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. | |||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | |||||
| CVE-2007-6656 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
| CVE-2005-2846 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. | |||||
| CVE-2005-2392 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. | |||||
| CVE-2005-3083 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2024-27623 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-12-17 | N/A | 5.9 MEDIUM |
| CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2024-1529 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-07-11 | N/A | 7.4 HIGH |
| Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session. | |||||
| CVE-2025-5153 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-06-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2017-6070 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | |||||
| CVE-2017-17735 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | |||||
| CVE-2017-16783 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | |||||
| CVE-2017-6071 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. | |||||
| CVE-2017-17734 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | |||||
| CVE-2017-11404 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | |||||
| CVE-2017-11405 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | |||||