Skip to main content

Cms Made Simple CVE-2017-16783

CRITICAL
Code Injection (CWE-94)
2017-11-10 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 10, 2017 - 23:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

AnalysisAI

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. Affected products include: Cmsmadesimple Cms Made Simple.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2023-36969 HIGH POC
8.8 Jul 06

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. Rated high severity (CVS

CVE-2019-9055 HIGH POC
8.8 Mar 26

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploit

CVE-2018-1000094 HIGH POC
7.2 Mar 13

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows a

CVE-2017-6070 CRITICAL POC
9.8 Feb 21

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntn

CVE-2018-10085 CRITICAL POC
9.8 Apr 13

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data functi

CVE-2018-10081 CRITICAL POC
9.8 Apr 13

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly

CVE-2019-9692 MEDIUM POC
6.5 Mar 11

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard

CVE-2018-10519 HIGH POC
8.8 Apr 27

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arrangin

CVE-2018-1000158 HIGH POC
8.8 Apr 18

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in

CVE-2018-10084 HIGH POC
8.8 Apr 13

CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by

CVE-2018-10031 HIGH POC
8.8 Apr 11

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2018-10030 HIGH POC
8.8 Apr 11

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. Rated high severity (CVSS 8.8), this vulnerability is

Share

CVE-2017-16783 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy