| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 254281 | 5.3 | MEDIUM | Network | cmsmadesimple | cms_made_simple | CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, … | CWE-200: Information Exposure | CVE-2018-10523 | 2024-11-21 12:41 | 2018-04-28 |
| 254282 | 4.9 | MEDIUM | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the produc… | CWE-200: Information Exposure | CVE-2018-10522 | 2024-11-21 12:41 | 2018-04-28 |
| 254283 | 2.7 | LOW | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because … | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2018-10521 | 2024-11-21 12:41 | 2018-04-28 |
| 254284 | 6.5 | MEDIUM | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, beca… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2018-10520 | 2024-11-21 12:41 | 2018-04-28 |
| 254285 | 8.8 | HIGH | Network | cmsmadesimple | cms_made_simple | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the `eff_uid` value within `$_COOKIE[$this->_loginkey]` to equal 1, because f… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2018-10519 | 2024-11-21 12:41 | 2018-04-28 |
| 254286 | 6.5 | MEDIUM | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, becaus… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2018-10518 | 2024-11-21 12:41 | 2018-04-28 |
| 254287 | 7.2 | HIGH | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can… | CWE-94: Code Injection | CVE-2018-10517 | 2024-11-21 12:41 | 2018-04-28 |
| 254288 | 6.5 | MEDIUM | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause Do… | CWE-200: Information Exposure | CVE-2018-10516 | 2024-11-21 12:41 | 2018-04-28 |
| 254289 | 7.2 | HIGH | Network | cmsmadesimple | cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be pre… | CWE-94: Code Injection | CVE-2018-10515 | 2024-11-21 12:41 | 2018-04-28 |
| 254290 | 7.8 | HIGH | Local | web-dorado | form_maker | The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | CWE-1236: Improper Neutralization of Formula Elements in a CSV File | CVE-2018-10504 | 2024-11-21 12:41 | 2018-04-28 |