CVE-2021-28998
https://notcve.org/view.php?id=CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/file_upload_RCE/File_upload_to_RCE.md https://seclists.org/fulldisclosure/2021/Mar/50 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-28999
https://notcve.org/view.php?id=CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md https://seclists.org/fulldisclosure/2021/Mar/49 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-40961
https://notcve.org/view.php?id=CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md https://packetstormsecurity.com/files/161895/CMS-Made-Simple-2.2.15-SQL-Injection.html https://seclists.org/fulldisclosure/2021/Mar/49 https://www.soteritsecurity.com/blog/2023/01/CMS-Made-Simple_CVE-2021-40961.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-9060
https://notcve.org/view.php?id=CVE-2019-9060
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). • http://dev.cmsmadesimple.org/project/changelog/5819 https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285 https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-20138 – Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities. • https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •