NotCVE - vendor:"Cmsmadesimple" product:"Cms Made Simple" version:" <= 2.2.15"

Page 19 of 134 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-16798

https://notcve.org/view.php?id=CVE-2017-16798

In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. En CMS Made Simple 2.2.3.1, la función is_file_acceptable en modules/FileManager/action.upload.php solo bloquea las extensiones de archivo que empiezan o finalizan con una subcadena "php", lo que permite a los atacantes remotos omitir las restricciones de acceso planeadas o desencadenar Cross-Site Scripting (XSS) mediante otras extensiones, tal y como se demostró con .phtml, .pht, .html o .svg. • https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20UPLOAD%20FILE%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16784

https://notcve.org/view.php?id=CVE-2017-16784

In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. En CMS Made Simple 2.2.2, existe Cross-Site Scripting (XSS) reflejado mediante el parámetro cntnt01detailtemplate. • https://www.netsparker.com/web-applications-advisories/ns-17-031-reflected-xss-vulnerability-in-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 3

CVE-2017-16783 – CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection

https://notcve.org/view.php?id=CVE-2017-16783

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. En CMS Made Simple 2.1.6, existe inyección de plantillas del lado del servidor mediante el parámetro cntnt01detailtemplate. CMS Made Simple version 2.1.6 suffers from a server-side template injection vulnerability. • https://www.exploit-db.com/exploits/48944 http://packetstormsecurity.com/files/159690/CMS-Made-Simple-2.1.6-Server-Side-Template-Injection.html https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-11405

https://notcve.org/view.php?id=CVE-2017-11405

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. En CMS Made Simple (CMSMS) versión 2.2.2, los administradores autenticados remotos pueden cargar un archivo .php por medio de una acción CMSContentManager en el archivo admin/moduleinterface.php, seguido por una acción FilePicker en el archivo admin/moduleinterface.php en la que type=image es cambiada a type=file. • http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/filepickerimages/FilePicker_upload_vulnerability.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-11404

https://notcve.org/view.php?id=CVE-2017-11404

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. En CMS Made Simple (CMSMS) versión 2.2.2, los administradores autenticados remotos pueden cargar un archivo .php por medio de una acción FileManager en el archivo admin/moduleinterface.php. • http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

1...17 18 19 20 21