RSS   Vulnerabilities for 'Cms made simple'   RSS

2018-10-12
 
CVE-2018-18271

CWE-79
 

 
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

 
 
CVE-2018-18270

CWE-79
 

 
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

 
2018-04-27
 
CVE-2018-10523

CWE-200
 

 
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.

 
 
CVE-2018-10522

CWE-200
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.

 
 
CVE-2018-10521

CWE-434
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.

 
 
CVE-2018-10520

CWE-284
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.

 
 
CVE-2018-10519

CWE-264
 

 
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.

 
 
CVE-2018-10518

CWE-284
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.

 
 
CVE-2018-10517

CWE-94
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.

 
 
CVE-2018-10516

CWE-200
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.

 


Copyright 2018, cxsecurity.com

 

Back to Top