Description
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
Remediation
Update to CMS Made Simple 1.0.6 or later.
References
http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/
Related Vulnerabilities
WordPress Plugin Mz-jajak 'id' Parameter SQL Injection (2.1)
WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.8.7)
WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.4)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.29)