PT-2019-19340 · Cms Made Simple · Cms Made Simple

Published: 2019-04-11 · Updated: 2020-08-24 · CVE-2019-9056

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CMS Made Simple version 2.2.8

Description

An issue was discovered in the module FrontEndUsers, specifically in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, where it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection.

Recommendations

For CMS Made Simple version 2.2.8, consider disabling the FrontEndUsers module until a patch is available to prevent authenticated object injection. Restrict access to the class.FrontEndUsersManipulate.php and class.FrontEndUsersManipulator.php files to minimize the risk of exploitation. Avoid using the FEU cookie in the affected module until the issue is resolved.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2019-9056

Affected Products

Cms Made Simple