PT-2019-19344 · Cms Made Simple · Cms Made Simple
Published 2019-03-26 · Updated 2022-12-02 · CVE-2019-9061
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CMS Made Simple version 2.2.8
Description
An issue was discovered in the ModuleManager module, specifically in the action.installmodule.php file, where it is possible to reach an unserialize call with untrusted input. This can lead to authenticated object injection by using the "install module" feature.
Recommendations
For CMS Made Simple version 2.2.8, consider disabling the "install module" feature in the ModuleManager module until a patch is available to prevent authenticated object injection.
Fix
Deserialization of Untrusted Data
Prototype Pollution
Related Identifiers
Affected Products
Cms Made Simple