PT-2019-19343 · Cms Made Simple · Cms Made Simple

Published: 2019-03-26 · Updated: 2019-03-27 · CVE-2019-9059

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CMS Made Simple version 2.2.8

Description

An authenticated administrator can inject commands by modifying the path of the e-mail executable in Mail Settings. The injection takes effect when "sendmail" is set in the "Mailer" option and the "Forgot your password" feature is launched.

Recommendations

To prevent command injection on CMS Made Simple version 2.2.8, consider disabling the "Forgot your password" feature until a patch is available. Restrict access to the Mail Settings to minimize the risk of exploitation.

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2019-9059

Affected Products

Cms Made Simple