Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
SQL Injection (stylesheet.php) (CMS Made Simple) - Vulnerability Database

SQL Injection (stylesheet.php) (CMS Made Simple)

Description

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

Remediation

Update to CMS Made Simple 1.0.6 or later.

References

http://www.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/
https://www.cvedetails.com/cve/CVE-2007-2473/
https://cve.circl.lu/cve/CVE-2007-2473

Related Vulnerabilities

Hibernate Query Language (HQL) Injection High
Common tags: SQL Injection
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (5.8.1) High
Common tags: SQL Injection
WordPress Plugin Comments-wpDiscuz SQL Injection (5.3.5) High
Common tags: SQL Injection
WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.13.35) High
Common tags: SQL Injection
WordPress Plugin Payment Form for PayPal Pro SQL Injection (1.1.64) High
Common tags: SQL Injection

Severity

High

Classification

CVE-2007-2473
CWE-89
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

SQL Injection