CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10031
https://notcve.org/view.php?id=CVE-2018-10031
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Request Forgery (CSRF) en admin/moduleinterface.php. • https://github.com/zxyxx/cmsms_vul • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10032
https://notcve.org/view.php?id=CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) reflejado en admin/moduleinterface.php a través del parámetro m1_version. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000092
https://notcve.org/view.php?id=CVE-2018-1000092
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6. CMS Made Simple, versión 2.2.5, contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la página de perfil de Administrador, cuyos detalles pueden encontrarse aquí http://dev.cmsmadesimple.org/bug/view/11715. Este ataque parece ser explotable mediante una página web especialmente manipulada. • http://dev.cmsmadesimple.org/bug/view/11715 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 77%CPEs: 1EXPL: 2CVE-2018-1000094 – CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-1000094
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. CMS Made Simple 2.2.5 contiene una vulnerabilidad de ejecución remota de código en File Manager que podría permitir que un administrador autenticado con acceso al gestor de archivos ejecute código en el servidor. El ataque parece ser explotable mediante File upload -> copy a cualquier extensión. CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. • https://www.exploit-db.com/exploits/44976 http://dev.cmsmadesimple.org/bug/view/11741 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-5965
https://notcve.org/view.php?id=CVE-2018-5965
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php a través del parámetro m1_errors. • http://packetstormsecurity.com/files/146035/CMS-Made-Simple-2.2.5-moduleinterface.php-m1_errors-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2018/Jan/83 https://kyawminthein901497298.wordpress.com/2018/01/22/cms-made-simple-2-2-5-reflected-cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •