CyberSec.Space Logo
Back to CVE Browser

CVE-2017-17734

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile15.24th
PublishedDec 18, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.

Affected Platforms (CPE)

πŸ“¦
Cmsmadesimple

Cms Made Simple

< 2.2.5

References & Advisories

πŸ”— https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737
πŸ”— https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa
πŸ”— https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737
πŸ”— https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa

Related Vulnerabilities

CVE-2010-466310.0

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.

CVE-2017-167839.8

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

CVE-2017-177359.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.

CVE-2017-10004539.8

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthentic...