CVE-2016-2784
Published 2016-05-26
Priority P430 · medium · 4.7 · CVSS 3.0
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.45% (82.3th percentile)
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
Affected
80 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | — | — |
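CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.7 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |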
http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html
http://seclists.org/fulldisclosure/2016/May/15
http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/
http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/
http://www.securityfocus.com/archive/1/538272/100/0/threaded
https://www.exploit-db.com/exploits/39760/