CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-9055 – CMS Made Simple Authenticated RCE via object injection
https://notcve.org/view.php?id=CVE-2019-9055
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. Se ha descubierto un problema en CMS Made Simple 2.2.8. En el módulo DesignManager (en los archivos action.admin_bulk_css.php y action.admin_bulk_template.php), con un usuario sin privilegios con el permiso Designer, es posible alcanzar una llamada no serializada con un valor manipulado en el parámetro m1_allparms y lograr inyectar objetos. • http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html https://blog.certimetergroup.com/it/articolo/security/CMS_Made_Simple_deserialization_attack_%28CVE-2019-9055%29 https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/cmsms_object_injection_rce.rb • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 79%CPEs: 1EXPL: 4CVE-2019-9692 – CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-9692
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). class.showtime2_image.php en CMS Made Simple (CMSMS), en versiones anteriores a la 2.2.10, no garantiza que un archivo con marca de agua tenga una extensión de archivos estándar (GIF, JPG, JPEG o PNG). • https://www.exploit-db.com/exploits/46627 https://www.exploit-db.com/exploits/46546 http://packetstormsecurity.com/files/152269/CMS-Made-Simple-CMSMS-Showtime2-File-Upload-Remote-Command-Execution.html http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_image.php&rev=47 http://www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285 https://raw.githubusercontent.com/rapid7/metasploit-framework& • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9693
https://notcve.org/view.php?id=CVE-2019-9693
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). En CMS Made Simple (CMSMS), en versiones anteriores a la 2.2.10, un usuario autenticado puede lograr una inyección SQL en class.showtime2_data.php mediante las funciones _updateshow (parámetro show_id), _inputshow (parámetro show_id), _Getshowinfo (parámetro show_id), _Getpictureinfo (parámetro picture_id), _AdjustNameSeq (parámetro shownumber), _Updatepicture (parámetro picture_id) y Deletepicture (parámetro picture_id). • http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_data.php&rev=47 https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10515
https://notcve.org/view.php?id=CVE-2018-10515
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file unpack" en el dashboard de administrador contiene una vulnerabilidad de ejecución remota de código explotable por un usuario administrador debido a que puede haber un archivo .php en el archivo ZIP extraído. • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10521
https://notcve.org/view.php?id=CVE-2018-10521
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. En CMS Made Simple (CMSMS) hasta la versión 2.2.7, la operación "file move" en el dashboard de administrador contiene una vulnerabilidad de movimiento de archivos arbitrarios que puede provocar una denegación de servicio (DoS), explotable por un usuario administrador, debido a que config.php puede moverse a un directorio incorrecto. • https://github.com/itodaro/cmsms_cve/blob/master/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •