CMSimple

CPE Prefix

General information

Website
Description
CMSimple is a PHP-based Content Management System (CMS) that requires no database. All data are stored in a simple file system.
Organization
Repository
Versions Page
Release Date
June 17, 2019

Domains using this technology

6.1K
Domain
Security Score
Security Score analyzes found vulnerabilities and indicates a lower or higher risk level of the potential attacks.
Site Title
DNS A record
osada.kotlinski.eu
200
OK
Low
100 / 100 - Low security risk
Osada Danieli – Aktualności
-
-
volleyball.tsv-zorneding.de
200
OK
Low
100 / 100 - Low security risk
301 Moved Permanently
-
-
vs-windheim.de
200
OK
Low
100 / 100 - Low security risk
Grund- und Mittelschule Windheim - Startseite
-
-
www.1watson.5watson.com
200
OK
Medium
57 / 100 - Medium security risk
Welcome to 1Watson - Welcome to 1Watson
-
-

IPv4 hosts using this technology

110
IP
Security Score
Open Ports
Hosted domains
Country
Severe
22 / 100 - Severe security risk
1
Low
100 / 100 - Low security risk
4
Medium
50 / 100 - Medium security risk
13
Low
100 / 100 - Low security risk
1

Known vulnerabilities

3
CVE ID
Severity
Description
MEDIUM
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
LOW
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.
LOW
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.