CMS Made Simple Core

Jump to Bug #
ID Summary Open Date Severity Version Resolution State Assigned To Submitted By
12191 Authenticated Remote code Execution 2019-11-15 Critical 2.2.12 Awaiting Response Open Robert Campbell Yosri Debaibi
12228 Stored Cross-Site Scripting - CMS Made Simple 2.2.13 2019-12-22 Critical 2.2.13 None Open Robert Campbell Guram Javakhishvili
12275 Remote Code Execution (RCE) authenticated with crafted JPG files 2020-03-16 Critical 2.2.13 Awaiting Response Open Ruud van der Velden Joshua Provoste
12502 A Remote Command Execution vulnerability on the background in CMS Made Simple 2.2.15 2021-12-09 Critical 2.1.5 None Open CMS Made Simple Foundation fuzzyap1
12523 Uninstall module error. PHP8 2022-01-27 Critical 2.2.16 Fixed Open Fernando Morgado Yuri Haperski
12531 CWE - 434 : Unrestricted Upload of File with Dangerous Type 2022-02-21 Critical 2.2.16 None Open CMS Made Simple Foundation Humberto Junior
11021 block replacement does not allow to "overwrite" a content block 2016-05-08 Major 2.1.3 Accepted Open Nobody Ludger Merkens
11626 FrontEnd editing with MicroTiny requires permissive_smarty=1 2017-11-01 Major Fixed Open Robert Campbell Jack Skiba
11674 Async processsing not robust 2017-12-14 Major Fixed Open Nobody tom
11876 class.CmsLayoutTemplateQuery.php not implemented as documented + query fatal error on unimplemented filters 2018-08-22 Major 2.2.8 Fixed Open Nobody Deleted User
11969 File Picker Window Does Not Close 2019-02-06 Major None Open Nobody Oliver Coningham
12149 Stored cross-site scripting (XSS) in News > Add Article 2019-09-19 Major 2.2.11 None Open Nobody Neelima Bawa
12393 XSS via SVG file upload 2020-12-04 Major 2.2.15 Won't Fix Open Nobody Eshan Singh
12457 Event Manager empty list when mysql mode only_full_group_by 2021-05-27 Major 2.2.15 Fixed Open Ruud van der Velden Ruud van der Velden
12462 Emojis unsupported 2021-07-21 Major 2.2.15 None Open Nobody
12477 class.cms_config 2021-09-22 Major 2.1.5 Invalid Open Nobody Brian O'Kelly
12520 Built-in {anchor} tag not working on News module pages 2022-01-26 Major 2.2.16 None Open Nobody
12535 File Manager Unpack archive .tar.gz 2022-04-13 Major 2.2.16 None Open Rolf Jean-Claude Etiemble
12540 Module MicroTiny 2.2.5 corrections + compatible php 7.1.0 to 8.1.4 2022-04-19 Major None Open Nobody Philippe Thomas
12544 News no possibility to close this message after Apply 2022-04-20 Major 2.2.16 Accepted Open Fernando Morgado Jean-Claude Etiemble
8208 cms_index_module_templates_by_module_name_template_name too long in utf8 2012-08-03 Minor 1.11 Accepted Open Robert Campbell Not public
9169 CMS DB update scripts do not fail when they should. 2013-04-18 Minor Invalid Open Nobody
9640 content_image does not work when both block and id parameters are given 2013-11-02 Minor 1.11.9 None Open Nobody Martijn de Milliano
9958 Cannot delete template associated to internal page link 2014-04-16 Minor 1.11.10 Accepted Open Nobody Steven Mortimer
10500 session security check incomplete 2015-04-23 Minor 1.11.13 None Open Nobody Fred Polizo