返回 CVE 浏览器

CVE-2017-17735

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1020%

EPSS Percentile17.69th

Published2017年12月18日

Last Modified2026年5月13日

Vulnerability Description

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.

Affected Platforms (CPE)

📦

Cmsmadesimple

Cms Made Simple

< 2.2.5

References & Advisories

🔗 https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737

🔗 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa

🔗 https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737

🔗 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa

相关漏洞威胁

CVE-2010-466310.0

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.

CVE-2017-167839.8

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

CVE-2017-177349.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.

CVE-2017-10004539.8

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthentic...