Description

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Remediation

Update to CMS Made Simple 1.0.6 or later.

References

http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/

https://www.cvedetails.com/cve/CVE-2007-2473/

https://cve.circl.lu/cve/CVE-2007-2473

Related Vulnerabilities

WordPress Plugin Related Sites 'guid' Parameter SQL Injection (2.1)

WordPress Plugin Fuctweb CapCC 'plugins.php' SQL Injection (1.0)

WordPress Plugin Microblog Poster SQL Injection (1.6.1)

WordPress Plugin iThemes Security (formerly Better WP Security) SQL Injection (7.0.2)

WordPress 'wp-trackback.php' SQL Injection Vulnerability (1.5)

Severity

High

Classification

CVE-2007-2473 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

SQL Injection