📦 Cms Made Simple

This vulnerability allows authenticated users in CMS Made Simple to upload malicious files that bypass security filters, potentially leading to remote code execution via webshells. It affects version ...

CMS Made Simple 2.2.14 has a cross-site scripting vulnerability in the admin user creation page that allows attackers to inject malicious JavaScript. This could enable session hijacking when authentic...

This CVE describes a remote code execution vulnerability in CMS Made Simple's User Defined Tags module. Authenticated administrators can inject arbitrary PHP code due to insufficient input sanitizatio...

CMS Made Simple v2.2.17 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious files and execute arbitrary commands on the server. This affects any system...

This SQL injection vulnerability in CMS Made Simple allows remote attackers to execute arbitrary SQL commands via the m1_sortby parameter in the News module admin interface. Successful exploitation co...

CMS Made Simple v2.2.15 contains a remote command execution vulnerability in the upload avatar function. Attackers can execute arbitrary commands on the server by uploading a specially crafted image f...

This vulnerability in CMS Made Simple allows unauthenticated attackers to perform path traversal attacks, potentially reading arbitrary files on the server. It affects CMS Made Simple installations us...