CVE-2019-9057
First published: Tue Mar 26 2019(Updated: )
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | <=2.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9057?
CVE-2019-9057 is a vulnerability discovered in CMS Made Simple 2.2.8 that allows for authenticated object injection through an unserialize call with an untrusted parameter in the FilePicker module.
How severe is CVE-2019-9057?
CVE-2019-9057 has a severity keyword of 'high' and a severity value of 8.8 out of 10.
What software versions are affected by CVE-2019-9057?
CVE-2019-9057 affects all versions up to and including CMS Made Simple 2.2.8.
How can I fix CVE-2019-9057?
To fix CVE-2019-9057, upgrade to the latest version of CMS Made Simple (v2.2.10) as recommended by the official CMS Made Simple website.
What is the CWE ID for CVE-2019-9057?
The CWE ID for CVE-2019-9057 is CWE-502 and CWE-915.
- collector/nvd-index
- agent/references
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/tags
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.8