First published: Tue Mar 26 2019(Updated: )
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cmsmadesimple Cms Made Simple | <=2.2.8 | |
<=2.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.