Security Advisory

CVE-2019-9060

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-17 15:47:53
Last updated 2024-08-04 21:38:46
Assigner mitre
State PUBLISHED

Description

An issue was discovered in CMS Made Simple 2.2.8. The CGExtensions module allows unauthenticated path traversal through the m1_filename parameter in the file action.setdefaulttemplate.php. Through the action.showmessage.php file, it is then possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).