what you don't know can hurt you
Showing 1 - 25 of 55 RSS Feed

Files

CMS Made Simple SQL Injection
Posted Apr 2, 2019
Authored by Daniele Scanu

CMS Made Simple versions prior to 2.2.10 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2019-9053
MD5 | a0581c61bf23afc88d6e6ed205385339

Related Files

CMS Made Simple 2.1.6 Server-Side Template Injection
Posted Oct 26, 2020
Authored by Gurkirat Singh

CMS Made Simple version 2.1.6 suffers from a server-side template injection vulnerability.

tags | exploit
advisories | CVE-2017-16783
MD5 | d4a648e9d5a966f59c5fd6ce63fd583e
CMS Made Simple 2.2.14 Cross Site Scripting
Posted Oct 1, 2020
Authored by Roel van Beurden

CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-24860
MD5 | 14c110a6cceaf089f3be6a38ce75132f
CMS Made Simple 2.2.14 Shell Upload
Posted Aug 31, 2020
Authored by Luis Noriega

CMS Made Simple version 2.2.14 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | e2fb278aa541f2c08d1c82df912d2cc9
CMS Made Simple 2.2.14 Shell Upload
Posted Aug 13, 2020
Authored by Roel van Beurden

CMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.

tags | exploit, shell
MD5 | c88d34ecd4d1716eecd2778aa52e4bd3
CMS Made Simple 2.2.8 Remote Code Execution
Posted Nov 13, 2019
Authored by Daniele Scanu | Site metasploit.com

An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. This Metasploit module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.

tags | exploit, php
advisories | CVE-2019-9055
MD5 | 3b3ade2ee27236b704dbdfaf2c3827c1
CMS Made Simple 2.2.10 Cross Site Scripting
Posted May 24, 2019
Authored by Manuel Garcia Cardenas

CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-11226
MD5 | 67544830735cd3b80f4bcc531cb9688c
CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution
Posted Mar 27, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.

tags | exploit, remote, php, file upload
advisories | CVE-2019-9692
MD5 | 34616f7d15896f8238efb1b0c1d26897
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
MD5 | 2221652ee89c73f5809f4205dcbfb0d2
CMS Made Simple 2.2.7 Remote Code Execution
Posted Nov 5, 2018
Authored by Lucian Ioan Nitescu

CMS Made Simple version 2.2.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-10517
MD5 | 95bdf9a227120d10805c8f1a40f72d42
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
Posted Jul 19, 2018
Authored by Jacob Robles, Mustafa Hasen | Site metasploit.com

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.

tags | exploit, php
advisories | CVE-2018-1000094
MD5 | 1cbcf8ed9ea5ef18b9981873d99697eb
CMS Made Simple 2.2.5 Remote Code Execution
Posted Jul 4, 2018
Authored by Mustafa Hasan

CMS Made Simple version 2.2.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000094
MD5 | 72574b50537defd0efa90ab9f43cbc9f
CMS Made Simple 2.1.6 Remote Code Execution
Posted Feb 26, 2018
Authored by Keerati T.

CMS Made Simple version 2.1.6 suffers from a remote code execution vulnerability during install time.

tags | exploit, remote, code execution
advisories | CVE-2018-7448
MD5 | 374dbe5800d06fa2269f4be2af82aedb
CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php.

tags | advisory, php, xss
advisories | CVE-2018-5965
MD5 | d2044b874e380c62d644f523c1cd981f
CMS Made Simple 2.2.5 moduleinterface.php title Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php.

tags | advisory, php, xss
advisories | CVE-2018-5964
MD5 | 2d3ebcdbc68d9092e39263cfe7528fbb
CMS Made Simple 2.2.5 Persistent Cross Site Scripting
Posted Jan 24, 2018
Authored by Kyaw Min Thein

CMS Made Simple version 2.2.5 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-5963
MD5 | cc0b1b3ad58c5127801670def73caf0f
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection
Posted Nov 27, 2017
Authored by Ziyahan Albeniz

CMS Made Simple version 2.1.6 suffers from cross site scripting and server-side template injection vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2017-16783
MD5 | b8c203964a0c308b507bd6d8429e5ab3
CMS Made Simple 0.9.2 Cross Site Scripting
Posted Aug 10, 2017
Authored by Renzi

CMS Made Simple version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 20070c0641463616f42505a111986353
CMS Made Simple 2.2.1 Local File Inclusion
Posted Jul 2, 2017
Authored by Zhiyang Zeng

CMS Made Simple versions 2.2.1 and below suffers from a local inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | b3f295af95e08dea0b4737419f60d4db
CMS Made Simple 2.1.6 Code Execution / Cross Site Scripting
Posted May 12, 2017
Authored by Osanda Malith

CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | fe8ae1a4ea67237579bd325e4d507415
CMS Made Simple Babel Module 0.3.3 Open Redirect / Content Forgery
Posted May 2, 2017
Authored by Project Insecurity, MLT | Site insecurity.zone

CMS Made Simple Babel Module versions prior to 0.3.3 suffer from multiple open redirection and content forgery vulnerabilities.

tags | exploit, web, vulnerability
MD5 | ae84319ea7e4445f5b6494ec0e98bce1
CMS Made Simple Cache Poisoning
Posted May 3, 2016
Authored by Mickael Walter

CMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability.

tags | exploit, web
advisories | CVE-2016-2784
MD5 | 68c513709fea71de8af188448ecd5734
CMS Made Simple Install SQL Injection Command Execution
Posted Dec 7, 2014
Authored by SAHM

CMS Made Simple can have its install functionality leveraged to insert a malicious SQL statement that allows for command execution pass through.

tags | exploit, sql injection
MD5 | cb5b4a476e6710ba76464cdd860cd79d
CMS Made Simple XSS / CSRF / PHP Object Insertion
Posted Mar 4, 2014
Authored by Pedro Ribeiro

CMS made simple has several security problems including cross site scripting in the admin console, weak cross site request forgery protection, and a possible PHP object insertion via unserialize.

tags | advisory, php, xss, csrf
advisories | CVE-2014-0334
MD5 | bf4889f00b4e4595c78cdb4da9bc9140
CMSMadeSimple 1.11.10 Cross Site Scripting
Posted Feb 22, 2014
Authored by HauntIT

CMSMadeSimple version 1.11.10 suffers from fourteen cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e5514aef5b5ae36b97bceafbe7132d0a
CMS Made Simple 1.11.2 Cross Site Request Forgery
Posted Nov 8, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

CMS Made Simple version 1.11.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-5450
MD5 | b26f732fe9974037d854fcb3f0274a30
Page 1 of 3
Back123Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close