Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.p...
7.3 AI Score
0.063 EPSS
Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.
5.8 AI Score
0.002 EPSS
4.8 CVSS
4.9 AI Score
0.001 EPSS
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.
4.8 CVSS
4.9 AI Score
0.001 EPSS
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution.
9.8 CVSS
9.6 AI Score
0.005 EPSS
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
5.4 CVSS
5.3 AI Score
0.001 EPSS