Description

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Remediation

Update to CMS Made Simple 1.0.6 or later.

References

http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/

https://www.cvedetails.com/cve/CVE-2007-2473/

https://cve.circl.lu/cve/CVE-2007-2473

Related Vulnerabilities

WordPress Plugin iCopyright Toolbar 'icopyright_xml.php' SQL Injection (1.1.4)

WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)

WordPress Plugin iThemes Security (formerly Better WP Security) SQL Injection (7.0.2)

WordPress Plugin WordPress Sentinel Multiple Vulnerabilities (1.0.0)

WordPress Plugin WP TripAdvisor Review Slider SQL Injection (10.7)

Severity

High

Classification

CVE-2007-2473 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

SQL Injection