CVE-2019-9057
8.8HIGHAn issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Veröffentlicht: 3/26/2019Aktualisiert: 11/21/2024
Beschreibung
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
KI-AnalyseKI-gestützt
Betroffene Produkte
cmsmadesimplecms_made_simple
Referenzen
- https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwgRelease NotesVendor Advisory
- https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-SpuzzumRelease NotesVendor Advisory
- https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwgRelease NotesVendor Advisory
- https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-SpuzzumRelease NotesVendor Advisory