2014-03-05 17:37:41 2014-03-07 20:43:02

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Cisco IOS 12.2 (14)ZA8 Cisco IOS 12.2 (15)T5 Cmsmadesimple Cms made simple 1.11.7 (not an official CPE) Cmsmadesimple Cms made simple 1.11.8 (not an official CPE) Cmsmadesimple Cms made simple 1.11.5 (not an official CPE) Cmsmadesimple Cms made simple 1.11.6 (not an official CPE) Cmsmadesimple Cms made simple 1.11.3 (not an official CPE) Cmsmadesimple Cms made simple 1.11.1 (not an official CPE) Cisco IOS 12.2 (15)MC1 Cmsmadesimple Cms made simple 1.11.4 (not an official CPE) Cisco IOS 12.2 (14)SZ Cisco IOS 12.2 (15)JK5 Cmsmadesimple Cms made simple 1.11.2 (not an official CPE) Cisco IOS 12.2 (15)MC2c Cmsmadesimple Cms made simple 1.10 (not an official CPE) Cisco IOS 12.2 (14)ZA2 Cisco IOS 12.2 (14)SU2 Cisco IOS 12.2 (14)ZA Cmsmadesimple Cms made simple 1.11 (not an official CPE) Cisco IOS 12.2 (15)T Cisco IOS 12.2 (15)T17 Cisco IOS 12.2 (14)SZ2 Cisco IOS 12.2 (15)SL1 Cisco IOS 12.2 (14)S15 Cisco IOS 12.2 (15)T16 Cisco IOS 12.2(15)T8 Cisco IOS 12.2 (15)ZJ1 Cisco IOS 12.2 (15)ZJ2 Cisco IOS 12.2 (15)CZ3 Cisco IOS 12.2 (15)YS Cisco IOS 12.2(15)T9 Cisco IOS 12.2(15)ZJ Cisco IOS 12.2 (15)XR Cisco IOS 12.2 (15)JK2 Cisco IOS 12.2 (15)MC2e Cisco IOS 12.2(15)T7 Cisco IOS 12.2 (15)T15 Cisco IOS 12.2 (15)BZ Cisco IOS 12.2 (15)CX Cisco IOS 12.2 (15)JK4 Cisco IOS 12.2 (15)BC2f Cisco IOS 12.2 (15)XR2 Cisco IOS 12.2 (15)BC2i Cisco IOS 12.2 (14.5)T Cisco IOS 12.2 (15)ZK Cisco IOS 12.2 (15)BC Cisco IOS 12.2 (15)YS_1.2(1) Cisco IOS 12.2 (15)BC1 Cisco IOS 12.2 (15)B Cisco IOS 12.2 (15)BC1f Cisco IOS 12.2 (15)BC2h Cmsmadesimple Cms made simple 1.10.3 (not an official CPE) Cmsmadesimple Cms made simple 1.10.2 (not an official CPE) Cmsmadesimple Cms made simple 1.11.2.1 (not an official CPE) Cmsmadesimple Cms made simple 1.11.9 (not an official CPE) Cisco IOS 12.2 (14)SZ1 Cisco IOS 12.2 (14)SY03 Cisco IOS 12.2 (14.5) Cmsmadesimple Cms made simple 1.10.1 (not an official CPE) Cisco IOS 12.2 (15)BX Cisco IOS 12.2 (15)ZJ3 Cisco IOS 12.2 (14)SY Cisco IOS 12.2 (14)SX1 Cisco IOS 12.2 (14)SY1