描述
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
AI分析AI驱动
受影响产品
cmsmadesimplecms_made_simple
参考资料
- https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwgRelease NotesVendor Advisory
- https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-SpuzzumRelease NotesVendor Advisory
- https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwgRelease NotesVendor Advisory
- https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-SpuzzumRelease NotesVendor Advisory