ID CVE-2007-2473
Summary SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. The vendor has addressed this issue with the following product update: http://dev.cmsmadesimple.org/frs/?group_id=6
References
Vulnerable Configurations
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:-:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector    Complexity    Authentication
NETWORK   LOW           NONE
Impact
Confidentiality    Integrity    Availability
PARTIAL            PARTIAL      PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 23753
confirm http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/
misc http://www.scanit.be/advisory-2007-05-02.html
osvdb 35744
secunia 25082
vupen ADV-2007-1628
xf cmsmadesimple-stylesheet-sql-injection(34044)
Last major update 29-07-2017 - 01:31
Published 02-05-2007 - 23:19
Last modified 29-07-2017 - 01:31