2 matches found
CVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrpformaformtemplate parameter in adminstoreform...
CVE-2017-6070
CMS Made Simple’s Form Builder (version 1.x) is affected up to 0.8.1.5, with a remote PHP code execution vulnerability exploitable via the cntnt01fbrp_forma_form_template parameter in admin_store_form. The root cause is improper handling of that parameter, enabling arbitrary code execution on the...