Simple Security Vulnerabilities

CVE-2021-38753

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web...

CVE-2021-36601

GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL"...

CVE-2020-36446

An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for...

CVE-2020-21353

A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets...

CVE-2021-34166

A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become...

CVE-2021-26232

SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to...

CVE-2020-18660

GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url...

CVE-2020-18659

Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to...

CVE-2020-18657

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent...

CVE-2020-18658

Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to...

CVE-2020-20391

Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save...

CVE-2020-20389

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in...

CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar...

CVE-2021-28977

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip...

CVE-2020-18264

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component...

CVE-2020-18265

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component...

CVE-2021-30502

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with...

CVE-2020-28173

Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in...

CVE-2020-28172

A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative...

CVE-2020-35892

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds...

CVE-2020-35893

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized...

CVE-2020-28133

An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in...

CVE-2020-18191

GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via...

CVE-2020-24861

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new...

CVE-2020-25515

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book ,...

CVE-2020-25514

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel,...

CVE-2020-5766

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database...

CVE-2005-4891

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL...

CVE-2013-1420

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in...

CVE-2011-4310

The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new...

CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in...

CVE-2019-5992

Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified...

CVE-2019-15658

connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted...

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin...

CVE-2019-14327

A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin...

CVE-2019-14328

The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation...

CVE-2019-14323

SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in...

CVE-2019-14282

The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third...

CVE-2019-11231

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to...

CVE-2019-8350

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...

CVE-2019-9915

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect...

CVE-2018-19845

There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to...

CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this...

CVE-2018-17835

An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php...

CVE-2018-16325

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title...

CVE-2018-15843

GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page"...

CVE-2018-15565

An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via...

CVE-2018-15564

An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via...

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension...

CVE-2017-16132

simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...