CMS Made Simple <= 1.2.2 (content_css.php) SQL Injection Vulnerability
Description:
CMS Made Simple contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ‘modules/TinyMCE/content_css.php’ script not properly sanitizing user-supplied input to the ‘templateid’ parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
References:
Disclosure Date:
December 30, 2007