CVE-2016-2784

MEDIUM

CMS Made Simple 1.x < 1.12.2 and 2.x < 2.1.3 - Cache Poisoning and Cross-Site Scripting via HTTP Host Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2784. PoCs published by Mickaël Walter.

AI-analyzed exploit summary The exploit demonstrates a web server cache poisoning vulnerability in CMS Made Simple by manipulating the Host HTTP header, leading to XSS or phishing attacks. It requires Smarty Cache to be enabled and the Host header not to be part of the server's routing process.

Description

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mickaël Walter · textwebappsphp

https://www.exploit-db.com/exploits/39760

View Code ZIP pw:eip

The exploit demonstrates a web server cache poisoning vulnerability in CMS Made Simple by manipulating the Host HTTP header, leading to XSS or phishing attacks. It requires Smarty Cache to be enabled and the Host header not to be part of the server's routing process.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CMS Made Simple < 2.1.3 and < 1.12.2

No auth needed

Prerequisites: Smarty Cache enabled · Host header not used in server routing

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/May/15

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/538272/100/0/threaded

Vendor Advisory x_refsource_confirm

http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39760/

Various Sources x_refsource_confirm

http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/

Scores

CVSS v3 4.7

EPSS 0.0245

EPSS Percentile 82.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (50)

cmsmadesimple/cms_made_simple 1.0

cmsmadesimple/cms_made_simple 1.0.1

cmsmadesimple/cms_made_simple 1.0.2

cmsmadesimple/cms_made_simple 1.0.3

cmsmadesimple/cms_made_simple 1.0.4

cmsmadesimple/cms_made_simple 1.0.5

cmsmadesimple/cms_made_simple 1.0.6

cmsmadesimple/cms_made_simple 1.0.7

cmsmadesimple/cms_made_simple 1.0.8

cmsmadesimple/cms_made_simple 1.1

... and 40 more

Published May 26, 2016

Tracked Since Feb 18, 2026