CVE-2019-9055

2019-03-26T17:29:00
ID CVE-2019-9055
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.