PT-2019-19343 · Cms Made Simple · Cms Made Simple

Published: 2019-03-26 · Updated: 2019-03-27 · CVE-2019-9059

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CMS Made Simple version 2.2.8

Description

An issue allows command injection with an administrator account by modifying the path of the e-mail executable in Mail Settings. This is achieved by setting "sendmail" in the "Mailer" option and launching the "Forgot your password" feature.

Recommendations

For CMS Made Simple version 2.2.8, consider disabling the "Forgot your password" feature until a patch is available to prevent command injection. Restrict access to the Mail Settings to minimize the risk of exploitation.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-9059

Affected Products

Cms Made Simple