Description

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Remediation

Update to CMS Made Simple 1.0.6 or later.

References

http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/

https://www.cvedetails.com/cve/CVE-2007-2473/

https://cve.circl.lu/cve/CVE-2007-2473

Related Vulnerabilities

WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (4.4.3)

WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.229)

WordPress Plugin wp audio gallery playlist 'playlist.php' SQL Injection (0.12)

WordPress Plugin WP People 'wp-people-popup.php' SQL Injection (2.0)

WordPress Plugin WP Shop Multiple SQL Injection Vulnerabilities (3.4.3.15)

Severity

High

Classification

CVE-2007-2473 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

SQL Injection