CVE-2017-6070

Published: Feb 21, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

Affected (2)

Products: Cmsmadesimple: Form Builder, Cms Made Simple

Cmsmadesimple

2 products

Form Builder

Cms Made Simple

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Form Builder	Up to 0.8.1.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Cms Made Simple	Up to 1.12.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://dev.cmsmadesimple.org/project/files/69

Source: cve@mitre.org

Product

https://daylight-it.com/security-advisory-dlcs0001.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://dev.cmsmadesimple.org/project/files/69

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://daylight-it.com/security-advisory-dlcs0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.