Security Advisory

CVE-2019-9055

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-26 16:25:59

Last updated 2024-08-04 21:38:45

Assigner mitre

State PUBLISHED

Description

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.

← Browse all CVEs View on cve.org ↗