CVE-2007-2473

Опубликовано: 02 мая 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Ссылки

http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/
Patch
http://osvdb.org/35744
http://secunia.com/advisories/25082
Vendor Advisory
http://www.scanit.be/advisory-2007-05-02.html
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/23753
Exploit
http://www.vupen.com/english/advisories/2007/1628
https://exchange.xforce.ibmcloud.com/vulnerabilities/34044
http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/
Patch
http://osvdb.org/35744
http://secunia.com/advisories/25082
Vendor Advisory
http://www.scanit.be/advisory-2007-05-02.html
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/23753
Exploit
http://www.vupen.com/english/advisories/2007/1628
https://exchange.xforce.ibmcloud.com/vulnerabilities/34044

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Версия до 1.0.5 (включая)

EPSS

Процентиль: 79%

0.01289

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-pqx5-jj73-9xw4

github

почти 4 года назад