CVE-2019-9057

High

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted…

mitre·CWE-502·Published 2019-03-26

CVSS

8.8

EPSS

0.02

KEV

Exploits

cve.orgen

192 chars

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.

NVDen

192 chars

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.

Se ha descubierto un problema en CMS Made Simple 2.2.8. En el módulo FilePicker, es posible alcanzar una llamada no serializada con un parámetro no fiable y lograr inyectar objetos autenticados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H