2 matches found
CVE-2019-9058
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the selgroups parameter that leads to authenticated object injection...
CVE-2019-9058
CMS Made Simple 2.2.8 has a vulnerability in the administrator page admin/changegroupperm.php where sending a crafted value in the sel_groups parameter enables authenticated object injection. The issue affects the affected component/functionality and is consistent with the CVSS metrics reported (...