22 matches found
EUVD-2019-18443
Malware in sbrugna...
600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 💉 Participate in theSQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND...
CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...
CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...
Design/Logic Flaw
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...
CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...
CVE-2019-9061
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...
CVE-2019-9058
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the selgroups parameter that leads to authenticated object injection...
CVE-2019-9057
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
CVE-2019-9061
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...
CVE-2019-9057
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
Design/Logic Flaw
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
Design/Logic Flaw
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the selgroups parameter that leads to authenticated object injection...
CVE-2019-9061
CMS Made Simple v2.2.8 is affected via the ModuleManager’s action.installmodule.php where an unserialize call with untrusted input can be triggered, enabling authenticated object injection when using the "install module" feature. This is supported across multiple sources (NVD/CVE-2019-9061 and PT...
CVE-2019-9061
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...
CVE-2019-9058
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the selgroups parameter that leads to authenticated object injection...
CVE-2019-9058
CMS Made Simple 2.2.8 has a vulnerability in the administrator page admin/changegroupperm.php where sending a crafted value in the sel_groups parameter enables authenticated object injection. The issue affects the affected component/functionality and is consistent with the CVSS metrics reported (...
CVE-2019-9057
CVE-2019-9057 affects CMS Made Simple 2.2.8 in the FilePicker module, where an unserialize call with an untrusted parameter allows authenticated object injection. NVD notes a CVSS2 base score of 6.5 and CVSS3.1 base score of 8.8 (high). Connected sources reference a fixed release in CMS Made Simp...
CVE-2019-9057
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
PT-2019-19344 · Cms Made Simple · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the ModuleManager module, specifically in the action.installmodule.php file, where it is possible to reach an unserialize call with untrusted input. This can lead to...