CMS Made Simple Core

Jump to Bug #
ID Summary Open Date Severity Version Resolution State Assigned To Submitted By
12567 Security issue caused by using older versions of Smarty 2022-10-21 Critical 2.2.16 None Open CMS Made Simple Foundation z
12191 Authenticated Remote code Execution 2019-11-15 Critical 2.2.12 Awaiting Response Open Robert Campbell Yosri Debaibi
12228 Stored Cross-Site Scripting - CMS Made Simple 2.2.13 2019-12-22 Critical 2.2.13 None Open Robert Campbell Guram Javakhishvili
12275 Remote Code Execution (RCE) authenticated with crafted JPG files 2020-03-16 Critical 2.2.13 Awaiting Response Open Ruud van der Velden Joshua Provoste
12502 A Remote Command Execution vulnerability on the background in CMS Made Simple 2.2.15 2021-12-09 Critical 2.1.5 None Open CMS Made Simple Foundation fuzzyap1
12635 Apply button is shown for non-existing page and creates new pages 2023-07-28 Critical Accepted Open Nobody Daniel Brito
11021 block replacement does not allow to "overwrite" a content block 2016-05-08 Major 2.1.3 Accepted Open Nobody Ludger Merkens
11626 FrontEnd editing with MicroTiny requires permissive_smarty=1 2017-11-01 Major Fixed Open Robert Campbell Jack Skiba
11674 Async processsing not robust 2017-12-14 Major Fixed Open Nobody tom
11876 class.CmsLayoutTemplateQuery.php not implemented as documented + query fatal error on unimplemented filters 2018-08-22 Major 2.2.8 Fixed Open Nobody Deleted User
11969 File Picker Window Does Not Close 2019-02-06 Major None Open Nobody Oliver Coningham
12149 Stored cross-site scripting (XSS) in News > Add Article 2019-09-19 Major 2.2.11 None Open Nobody Neelima Bawa
12393 XSS via SVG file upload 2020-12-04 Major 2.2.15 Won't Fix Open Nobody Eshan Singh
12457 Event Manager empty list when mysql mode only_full_group_by 2021-05-27 Major 2.2.15 Fixed Open Ruud van der Velden Ruud van der Velden
12462 Emojis unsupported 2021-07-21 Major 2.2.15 None Open Nobody
12477 class.cms_config 2021-09-22 Major 2.1.5 Invalid Open Nobody Brian O'Kelly
12535 File Manager Unpack archive .tar.gz 2022-04-13 Major 2.2.16 Accepted Open tom Jean-Claude Etiemble
12572 Prototype Pollution 2022-11-04 Major 2.2.16 None Open CMS Made Simple Foundation pranshu
12587 can't uninstall modules running php 8.1 2022-12-12 Major 2.2.16 Accepted Open CMS Made Simple Foundation Ludger Merkens
12634 MenuManager core module is incompatible with PHP 8.1 2023-07-25 Major 2.2.17 Accepted Open Nobody Jean-François S.
12565 debug mode causes fatal error in PHP 8 2022-10-10 Minor 2.2.16 Fixed Open Nobody Matt Hornsby (DIGI3)
8208 cms_index_module_templates_by_module_name_template_name too long in utf8 2012-08-03 Minor 1.11 Accepted Open Robert Campbell Not public
9169 CMS DB update scripts do not fail when they should. 2013-04-18 Minor Invalid Open Nobody
9640 content_image does not work when both block and id parameters are given 2013-11-02 Minor 1.11.9 None Open Nobody Martijn de Milliano
9958 Cannot delete template associated to internal page link 2014-04-16 Minor 1.11.10 Accepted Open Nobody Steven Mortimer