SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
References
Configurations
History
21 Nov 2024, 00:40
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.cmsmadesimple.org/2008/01/02/announcing-cms-made-simple-123/ - | |
References | () http://forum.cmsmadesimple.org/index.php/topic%2C18240.0.html - | |
References | () http://osvdb.org/39788 - | |
References | () http://secunia.com/advisories/28285 - | |
References | () http://www.securityfocus.com/bid/27074 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/39311 - | |
References | () https://www.exploit-db.com/exploits/4810 - |
07 Nov 2023, 02:01
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2008-01-04 11:46
Updated : 2024-11-21 00:40
NVD link : CVE-2007-6656
Mitre link : CVE-2007-6656
CVE.ORG link : CVE-2007-6656
JSON object : View
Products Affected
cmsmadesimple
- cms_made_simple
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')