CVE-2019-9693

Name of the Vulnerable Software and Affected Versions CMS Made Simple versions prior to 2.2.10

Description The issue allows an authenticated user to achieve SQL Injection in the class.showtime2 data.php file via several functions, including updateshow, inputshow, Getshowinfo, Getpictureinfo, AdjustNameSeq, Updatepicture, and Deletepicture, by manipulating parameters such as show id, picture id, and shownumber.

Recommendations For CMS Made Simple versions prior to 2.2.10, update to version 2.2.10 or later to resolve the issue.