ID:5660 - Exploit for Code Injection in CMS Made Simple - CVE-2017-16783

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:5660 - Exploit for Code Injection in CMS Made Simple - CVE-2017-16783

ID:5660 - Exploit for Code Injection in CMS Made Simple - CVE-2017-16783

Published: June 17, 2021


Vulnerability identifier: #VU37985
Vulnerability risk: High
CVE-ID: CVE-2017-16783
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
CMS Made Simple

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.


Remediation

Install update from vendor's website.