An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-26T16:34:22
Updated: 2024-08-04T21:38:45.678Z
Reserved: 2019-02-23T00:00:00
Link: CVE-2019-9057
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-03-26T17:29:01.527
Modified: 2022-12-02T19:21:50.750
Link: CVE-2019-9057
Redhat
No data.