CVE-2019-9057

EUVD-2019-18443
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
cmsmadesimplecms_made_simple
𝑥
≤ 2.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg
https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum
https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg
https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum