CMS Made Simple Stylesheet.PHP SQL Injection Vulnerability

Bugtraq ID:	23753
Class:	Input Validation Error
CVE:	CVE-2007-2473
Remote:	Yes
Local:	No
Published:	May 02 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Daniel Lucq is credited with the discovery of this vulnerability.
Vulnerable:	CMS Made Simple CMS Made Simple 1.05
Not Vulnerable:	CMS Made Simple CMS Made Simple 1.06

CMS Made Simple Stylesheet.PHP SQL Injection Vulnerability

CMS Made Simple is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

CMS Made Simple 1.05 is vulnerable to this issue; other versions may also be affected.

CMS Made Simple Stylesheet.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/stylesheet.php?templateid=16+AND+1=1
http://www.example.com/stylesheet.php?templateid=16+AND+1=0

CMS Made Simple Stylesheet.PHP SQL Injection Vulnerability

Solution:
The vendor released updates to address this issue. Please see the references for more information.

CMS Made Simple Stylesheet.PHP SQL Injection Vulnerability

References:

• CMS Made Simple SQL injection vulnerability (Scanit)
  
• Vendor Home Page (CMS Made Simple )