CVE-2019-9060

Name of the Vulnerable Software and Affected Versions CMS Made Simple version 2.2.8

Description An issue was discovered in the CGExtensions module, allowing unauthenticated path traversal with the m1 filename parameter in the file action.setdefaulttemplate.php. Additionally, through the action.showmessage.php file, it is possible to read arbitrary file content by using that path traversal with m1 prefname set to cg errormsg and m1 resettodefault set to 1.

Recommendations For CMS Made Simple version 2.2.8, consider disabling the CGExtensions module until a patch is available. As a temporary workaround, restrict access to the action.setdefaulttemplate.php and action.showmessage.php files to minimize the risk of exploitation. Avoid using the m1 filename parameter in the affected module and the m1 prefname and m1 resettodefault parameters in the action.showmessage.php file until the issue is resolved.