CVE-2019-9059

An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature.
Configurations

Configuration 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Information

Published : 2019-03-26 05:29

Updated : 2019-03-27 02:54


NVD link : CVE-2019-9059

Mitre link : CVE-2019-9059

Products Affected
No products.
CWE