Cmsimple

4 CVEs product

CVE-2024-57549 HIGH POC This Month

CMSimple 5.16 allows the user to read CMS source code through manipulation of the file name in the file parameter of a GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Path Traversal Cmsimple
NVD GitHub
CVSS 3.1: 7.5, EPSS: 0.5%
CVE-2024-57548 CRITICAL POC Act Now

CMSimple 5.16 allows the user to edit the log.php file via the print page. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Privilege Escalation PHP Cmsimple
NVD GitHub
CVSS 3.1: 9.1, EPSS: 0.4%
CVE-2024-57547 HIGH POC This Month

Insecure permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the functionality for downloading PHP backup files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Information Disclosure PHP Cmsimple
NVD GitHub
CVSS 3.1: 7.5, EPSS: 0.4%
CVE-2024-57546 HIGH POC This Month

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Information Disclosure Cmsimple
NVD GitHub
CVSS 3.1: 7.5, EPSS: 0.4%