CVE-2017-6070

EUVD-2017-15137
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
cmsmadesimpleform_builder
𝑥
≤ 0.8.1.5
cmsmadesimplecms_made_simple
𝑥
≤ 1.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev.cmsmadesimple.org/project/files/69
https://daylight-it.com/security-advisory-dlcs0001.html
http://dev.cmsmadesimple.org/project/files/69
https://daylight-it.com/security-advisory-dlcs0001.html