2 matches found
CVE-2014-2245
SQL injection vulnerability in the News module in CMS Made Simple CMSMS before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third...
CVE-2014-2245
The CVE-2014-2245 entry concerns a SQL injection in the News module of CMS Made Simple (CMSMS). The vulnerability affects CMSMS prior to version 1.11.10 and can be triggered by remote authenticated users who hold the Modify News permission, via the sortby parameter to admin/moduleinterface.php. T...