CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
References
Link | Resource |
---|---|
http://dev.cmsmadesimple.org/project/files/69 | Product |
https://daylight-it.com/security-advisory-dlcs0001.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-02-21 07:59
Updated : 2024-02-04 19:11
NVD link : CVE-2017-6070
Mitre link : CVE-2017-6070
CVE.ORG link : CVE-2017-6070
JSON object : View
Products Affected
cmsmadesimple
- form_builder
- cms_made_simple
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor