Description

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Remediation

Update to CMS Made Simple 1.0.6 or later.

References

http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/

https://www.cvedetails.com/cve/CVE-2007-2473/

https://cve.circl.lu/cve/CVE-2007-2473

Related Vulnerabilities

WordPress Plugin WP-Polls SQL Injection (2.61)

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (2.3.5)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.0)

WordPress Plugin WP Yelp Review Slider SQL Injection (7.0)

WordPress Plugin WP Reroute Email SQL Injection (1.4.6)

Severity

High

Classification

CVE-2007-2473 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

SQL Injection