First published: Tue Mar 26 2019(Updated: )
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cmsmadesimple Cms Made Simple | <=2.2.8 | |
<=2.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9057 is a vulnerability discovered in CMS Made Simple 2.2.8 that allows for authenticated object injection through an unserialize call with an untrusted parameter in the FilePicker module.
CVE-2019-9057 has a severity keyword of 'high' and a severity value of 8.8 out of 10.
CVE-2019-9057 affects all versions up to and including CMS Made Simple 2.2.8.
To fix CVE-2019-9057, upgrade to the latest version of CMS Made Simple (v2.2.10) as recommended by the official CMS Made Simple website.
The CWE ID for CVE-2019-9057 is CWE-502 and CWE-915.