Description

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Remediation

Update to CMS Made Simple 1.0.6 or later.

References

http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/

https://www.cvedetails.com/cve/CVE-2007-2473/

https://cve.circl.lu/cve/CVE-2007-2473

Related Vulnerabilities

WordPress Plugin ImageDrop 'ImageDrop.php' Blind SQL Injection (1.1.2)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)

WordPress Plugin Active Directory Integration SQL Injection (1.1.8)

WordPress 'comment_post_ID' Parameter SQL Injection Vulnerability (3.0.4)

WordPress Plugin WP iCommerce-the first interactive ecommerce for wordpress SQL Injection (1.1.1)

Severity

High

Classification

CVE-2007-2473 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

SQL Injection