CVE-2017-16783
published 2017-11-10
CVE-2017-16783: In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
Priority P265 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 7.97% (94.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests for the 'cntnt01detailtemplate' query parameter containing Smarty template injection payloads, specifically the 'string:{php}...{/php}' construct, which enables direct PHP code execution via the Smarty template engine.
- Alert on URL query strings containing 'cntnt01detailtemplate' with values beginning with 'string:' followed by '{php}' tags, indicating attempted SSTI exploitation of the Smarty engine's {php} block.
- The exploit uses backtick shell execution inside the {php} block (e.g., echo `<command>`); look for URL-encoded backtick characters (%60) or literal backticks within the cntnt01detailtemplate parameter value.
- The exploit parses the response for output between 'tbhaxor' sentinel strings inside an <article id='main'> element; server-side responses containing 'tbhaxor' may indicate active exploitation.
- The vulnerability is specific to CMS Made Simple version 2.1.6; the cntnt01detailtemplate parameter is only exploitable when the Smarty template engine's {php} tag is enabled (it is disabled by default in newer Smarty versions).
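The request-side checks listed above can be run over web server access logs. The following is an added example, not code from this page or from any cited source: it assumes Apache/nginx combined log format, uses constructed sample lines with `CMD` as a placeholder, and its function names are hypothetical. It also decodes nested percent-encoding so that a double-encoded `%2560` is still recognised as a backtick.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

PARAM = "cntnt01detailtemplate"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
PHP_TAG_RE = re.compile(r"\{\s*/?\s*php\s*\}", re.IGNORECASE)

# Constructed sample lines (combined log format); CMD is a placeholder.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Nov/2017:10:00:00 +0000] "GET /index.php?page=news&cntnt01detailtemplate=news_detail HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Nov/2017:10:00:05 +0000] "GET /index.php?cntnt01detailtemplate=string:%7Bphp%7Decho%20%60CMD%60%3B%7B/php%7D HTTP/1.1" 200 733',
    '203.0.113.9 - - [10/Nov/2017:10:00:09 +0000] "GET /index.php?cntnt01detailtemplate=string%3A%257Bphp%257Decho%2520%2560CMD%2560%253B%257B%2Fphp%257D HTTP/1.1" 200 733',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %2560 -> %60 -> backtick."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of indicator names found in one access-log line."""
    match = REQUEST_RE.search(line)
    hits = set()
    if not match:
        return hits
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        value = fully_decode(raw).strip()
        if value.lower().startswith("string:"):
            hits.add("string-resource")   # Smarty "string:" template resource
        if PHP_TAG_RE.search(value):
            hits.add("php-block")         # {php} or {/php} tag
        if "`" in value:
            hits.add("backtick")          # shell execution operator in PHP
    return hits

def scan(lines):
    """Return (line_number, sorted indicators) for every line with a hit."""
    return [(n, sorted(h)) for n, line in enumerate(lines, 1) if (h := classify(line))]

if __name__ == "__main__":
    for lineno, indicators in scan(SAMPLE_LOG):
        print(lineno, ", ".join(indicators))
```

Only query strings are inspected here; requests that carry the parameter in a POST body do not appear in standard access logs and need WAF or application-level logging.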
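CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |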
- http://packetstormsecurity.com/files/159690/CMS-Made-Simple-2.1.6-Server-Side-Template-Injection.html
- https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/
Published: 2017-11-10