Back to CVE Browser

CVE-2017-6070

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0190%

EPSS Percentile23.16th

PublishedFeb 21, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

Affected Platforms (CPE)

📦

Cmsmadesimple

Form Builder

<= 0.8.1.5

📦

Cmsmadesimple

Cms Made Simple

<= 1.12.2

References & Advisories

🔗 http://dev.cmsmadesimple.org/project/files/69

🔗 https://daylight-it.com/security-advisory-dlcs0001.html

🔗 http://dev.cmsmadesimple.org/project/files/69

🔗 https://daylight-it.com/security-advisory-dlcs0001.html

Related Vulnerabilities

CVE-2017-159199.8

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-ad...

CVE-2015-94529.8

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-form...

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.