CVE-2014-2245
published 2014-03-05CVE-2014-2245: SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to…
PriorityP430medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
0.98%
57.7th percentile
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.
Affected
64 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | <= 1.11.9 | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
CMS Made Simple up to 1.0.2 sortby sql injection (ID 11570 / XFDB-91639)
vuldb·2026-05-07·CVSS 6.0
CVE-2014-2245 [MEDIUM] CMS Made Simple up to 1.0.2 sortby sql injection (ID 11570 / XFDB-91639)
A vulnerability identified as critical has been detected in CMS Made Simple up to 1.0.2. This impacts an unknown function. Performing a manipulation of the argument sortby results in sql injection.
This vulnerability is reported as CVE-2014-2245. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
GHSA
GHSA-mfrg-qj22-f4fw: SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1
ghsa_unreviewed·2022-05-17
CVE-2014-2245 [MEDIUM] CWE-89 GHSA-mfrg-qj22-f4fw: SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://dev.cmsmadesimple.org/project/changelog/4602http://seclists.org/oss-sec/2014/q1/467http://secunia.com/advisories/56996http://www.securityfocus.com/bid/65953http://dev.cmsmadesimple.org/project/changelog/4602http://seclists.org/oss-sec/2014/q1/467http://secunia.com/advisories/56996http://www.securityfocus.com/bid/65953
2014-03-05
Published