Description
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content
Scores
CVSS v3
7.8
EPSS
0.0018
EPSS Percentile
38.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
cmsmadesimple/cms_made_simple
< 2.2
Published
Jan 02, 2018
Tracked Since
Feb 18, 2026