CVEブラウザに戻る

CVE-2017-17734

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1350%

EPSS Percentile15.24th

Published2017年12月18日

Last Modified2026年5月13日

Vulnerability Description

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.

Affected Platforms (CPE)

📦

Cmsmadesimple

Cms Made Simple

< 2.2.5

References & Advisories

🔗 https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737

🔗 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa

🔗 https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737

🔗 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa

関連する脆弱性情報

CVE-2010-466310.0

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.

CVE-2017-167839.8

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

CVE-2017-177359.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.

CVE-2017-10004539.8

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthentic...