First published: Mon Mar 11 2019(Updated: )
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cmsmadesimple Cms Made Simple | <2.2.10 | |
<2.2.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.