CVE-2019-9061

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Configurations

Configuration 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Information

Published : 2019-03-26 05:29

Updated : 2022-12-02 07:22


NVD link : CVE-2019-9061

Mitre link : CVE-2019-9061

Products Affected
No products.
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-502

Deserialization of Untrusted Data