Test ID: | 1.3.6.1.4.1.25623.1.0.113353 |
Category: | Web application abuses |
Title: | CMS Made Simple < 2.2.10 Multiple Vulnerabilities |
Summary: | CMS Made Simple is prone to multiple vulnerabilities. |
Description: |
Summary: CMS Made Simple is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:

- CVE-2019-9692: class.showtime2_image.php does not ensure that a watermark file has a standard image file extension.
- CVE-2019-9693: An authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id) and _Deletepicture (parameter picture_id).
- CVE-2019-9055: In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permissions, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter and achieve object injection.
- CVE-2019-9056: In the module FrontEndUsers (in the files class.FrontEndUsersManipulate.php and class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie and achieve authenticated object injection.
- CVE-2019-9057: In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter and achieve authenticated object injection.
- CVE-2019-9058: In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
- CVE-2019-9059: It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting 'sendmail' in the 'Mailer' option and launching the 'Forgot your password' feature.
- CVE-2019-9060: It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter, and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).

Vulnerability Impact: Successful exploitation would allow an attacker to read sensitive information and modify the target system.

Affected Software/OS: CMS Made Simple through version 2.2.9.

Solution: Update to version 2.2.10.

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-9692
https://www.exploit-db.com/exploits/46546/
https://www.exploit-db.com/exploits/46627/
http://packetstormsecurity.com/files/152269/CMS-Made-Simple-CMSMS-Showtime2-File-Upload-Remote-Command-Execution.html
http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_image.php&rev=47
http://www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285

Common Vulnerability Exposure (CVE) ID: CVE-2019-9693
http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_data.php&rev=47

Common Vulnerability Exposure (CVE) ID: CVE-2019-9055
http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html
https://blog.certimetergroup.com/it/articolo/security/CMS_Made_Simple_deserialization_attack_%28CVE-2019-9055%29
https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg

Common Vulnerability Exposure (CVE) ID: CVE-2019-9056
Common Vulnerability Exposure (CVE) ID: CVE-2019-9057
Common Vulnerability Exposure (CVE) ID: CVE-2019-9058
Common Vulnerability Exposure (CVE) ID: CVE-2019-9059
Common Vulnerability Exposure (CVE) ID: CVE-2019-9060 |
Copyright | Copyright (C) 2019 Greenbone AG |