CVE-2019-9055

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.
Configurations

Configuration 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Information

Published : 2019-03-26 05:29

Updated : 2020-08-24 05:37


NVD link : CVE-2019-9055

Mitre link : CVE-2019-9055

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data