返回 CVE 瀏覽器

CVE-2017-16783

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0070%

EPSS Percentile0.30th

Published2017年11月10日

Last Modified2026年5月13日

Vulnerability Description

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

Affected Platforms (CPE)

📦

Cmsmadesimple

Cms Made Simple

= 2.1.6

References & Advisories

🔗 http://packetstormsecurity.com/files/159690/CMS-Made-Simple-2.1.6-Server-Side-Template-Injection.html

🔗 https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/

🔗 http://packetstormsecurity.com/files/159690/CMS-Made-Simple-2.1.6-Server-Side-Template-Injection.html

🔗 https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/

相關漏洞威脅

CVE-2010-466310.0

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.

CVE-2017-177359.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.

CVE-2017-177349.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.

CVE-2017-10004539.8

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthentic...