CVE-2017-17734

CRITICAL

CMS Made Simple < 2.2.5 - Exposure of Sensitive Information via Session Cache

Title source: llm
STIX 2.1

Description

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737
Issue Tracking, Vendor Advisory x_refsource_confirm
https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa

Scores

CVSS v3 9.8
EPSS 0.0027
EPSS Percentile 51.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (1)
cmsmadesimple/cms_made_simple < 2.2.5
Published Dec 18, 2017
Tracked Since Feb 18, 2026