Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.
- http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/AlienTec1908/RoosterRun_HackMyVM_Easy