CVE-2007-6656

SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:40

Type Values Removed Values Added
References () http://blog.cmsmadesimple.org/2008/01/02/announcing-cms-made-simple-123/ - () http://blog.cmsmadesimple.org/2008/01/02/announcing-cms-made-simple-123/ -
References () http://forum.cmsmadesimple.org/index.php/topic%2C18240.0.html - () http://forum.cmsmadesimple.org/index.php/topic%2C18240.0.html -
References () http://osvdb.org/39788 - () http://osvdb.org/39788 -
References () http://secunia.com/advisories/28285 - () http://secunia.com/advisories/28285 -
References () http://www.securityfocus.com/bid/27074 - () http://www.securityfocus.com/bid/27074 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39311 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39311 -
References () https://www.exploit-db.com/exploits/4810 - () https://www.exploit-db.com/exploits/4810 -

07 Nov 2023, 02:01

Type Values Removed Values Added
References
  • {'url': 'http://forum.cmsmadesimple.org/index.php/topic,18240.0.html', 'name': 'http://forum.cmsmadesimple.org/index.php/topic,18240.0.html', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://forum.cmsmadesimple.org/index.php/topic%2C18240.0.html -

Information

Published : 2008-01-04 11:46

Updated : 2024-11-21 00:40


NVD link : CVE-2007-6656

Mitre link : CVE-2007-6656

CVE.ORG link : CVE-2007-6656


JSON object : View

Products Affected

cmsmadesimple

  • cms_made_simple
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')