CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-6070

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile23.16th
Published2017年2月21日
Last Modified2026年5月13日

Vulnerability Description

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

Affected Platforms (CPE)

📦
Cmsmadesimple

Form Builder

<= 0.8.1.5
📦
Cmsmadesimple

Cms Made Simple

<= 1.12.2

References & Advisories

🔗 http://dev.cmsmadesimple.org/project/files/69
🔗 https://daylight-it.com/security-advisory-dlcs0001.html
🔗 http://dev.cmsmadesimple.org/project/files/69
🔗 https://daylight-it.com/security-advisory-dlcs0001.html

相關漏洞威脅

CVE-2017-159199.8

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-ad...

CVE-2015-94529.8

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-form...

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.