CVE-2014-2245

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

Published: Mar 5, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-2245
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cmsmadesimple / cms_made_simple	1.1.1	1.1.1.x
cmsmadesimple / cms_made_simple	1.11.6	1.11.6.x
cmsmadesimple / cms_made_simple	0.6	0.6.x
cmsmadesimple / cms_made_simple	0.7.3	0.7.3.x
cmsmadesimple / cms_made_simple	1.10.1	1.10.1.x
cmsmadesimple / cms_made_simple	1.1.3	1.1.3.x
cmsmadesimple / cms_made_simple	1.1.3.1	1.1.3.1.x
cmsmadesimple / cms_made_simple	0.3.2	0.3.2.x
cmsmadesimple / cms_made_simple	0.12.2	0.12.2.x
cmsmadesimple / cms_made_simple	1.10.2	1.10.2.x
cmsmadesimple / cms_made_simple	1.0.5	1.0.5.x
cmsmadesimple / cms_made_simple	1.11.5	1.11.5.x
cmsmadesimple / cms_made_simple	1.11.1	1.11.1.x
cmsmadesimple / cms_made_simple	0.6.3	0.6.3.x
cmsmadesimple / cms_made_simple	0.10.2	0.10.2.x
cmsmadesimple / cms_made_simple	0.6.2	0.6.2.x
cmsmadesimple / cms_made_simple	1.11.7	1.11.7.x
cmsmadesimple / cms_made_simple	0.8.1	0.8.1.x
cmsmadesimple / cms_made_simple	1.0.6	1.0.6.x
cmsmadesimple / cms_made_simple	0.6.1	0.6.1.x
cmsmadesimple / cms_made_simple	0.9	0.9.x
cmsmadesimple / cms_made_simple	0.3	0.3.x
cmsmadesimple / cms_made_simple	1.1.4	1.1.4.x
cmsmadesimple / cms_made_simple	0.5.1	0.5.1.x
cmsmadesimple / cms_made_simple	0.13	0.13.x
cmsmadesimple / cms_made_simple	1.11.8	1.11.8.x
cmsmadesimple / cms_made_simple	0.11.1	0.11.1.x
cmsmadesimple / cms_made_simple	0.8.2	0.8.2.x
cmsmadesimple / cms_made_simple	0.12	0.12.x
cmsmadesimple / cms_made_simple	0.9.1	0.9.1.x
cmsmadesimple / cms_made_simple	0.9.2	0.9.2.x
cmsmadesimple / cms_made_simple	0.10.4	0.10.4.x
cmsmadesimple / cms_made_simple	1.11.3	1.11.3.x
cmsmadesimple / cms_made_simple	1.11	1.11.x
cmsmadesimple / cms_made_simple	0.4	0.4.x
cmsmadesimple / cms_made_simple	0.11.2	0.11.2.x
cmsmadesimple / cms_made_simple	0.8	0.8.x
cmsmadesimple / cms_made_simple	-	1.11.9.x
cmsmadesimple / cms_made_simple	0.1	0.1.x
cmsmadesimple / cms_made_simple	0.7.1	0.7.1.x
cmsmadesimple / cms_made_simple	1.0.4	1.0.4.x
cmsmadesimple / cms_made_simple	0.11	0.11.x
cmsmadesimple / cms_made_simple	1.0.2	1.0.2.x
cmsmadesimple / cms_made_simple	0.10	0.10.x
cmsmadesimple / cms_made_simple	1.11.4	1.11.4.x
cmsmadesimple / cms_made_simple	0.12.1	0.12.1.x
cmsmadesimple / cms_made_simple	1.1	1.1.x
cmsmadesimple / cms_made_simple	1.10	1.10.x
cmsmadesimple / cms_made_simple	0.7	0.7.x
cmsmadesimple / cms_made_simple	1.0.1	1.0.1.x
cmsmadesimple / cms_made_simple	0.3.1	0.3.1.x
cmsmadesimple / cms_made_simple	1.1.2	1.1.2.x
cmsmadesimple / cms_made_simple	0.7.2	0.7.2.x
cmsmadesimple / cms_made_simple	0.10.1	0.10.1.x
cmsmadesimple / cms_made_simple	0.2.1	0.2.1.x
cmsmadesimple / cms_made_simple	0.4.1	0.4.1.x
cmsmadesimple / cms_made_simple	1.10.3	1.10.3.x
cmsmadesimple / cms_made_simple	0.10.3	0.10.3.x
cmsmadesimple / cms_made_simple	1.0	1.0.x
cmsmadesimple / cms_made_simple	1.11.2.1	1.11.2.1.x
cmsmadesimple / cms_made_simple	1.11.2	1.11.2.x
cmsmadesimple / cms_made_simple	0.2	0.2.x
cmsmadesimple / cms_made_simple	1.0.3	1.0.3.x
cmsmadesimple / cms_made_simple	0.5	0.5.x

Vulnerability Database

300,830

CVE-2014-2245

Deep Security Visibility Without the Complexity