3 matches found
CVE-2019-9060
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module in the file action.setdefaulttemplate.php with the m1filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content...
CVE-2019-9060
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module in the file action.setdefaulttemplate.php with the m1filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content...
CVE-2019-9060
CMS Made Simple 2.2.8 is affected by CVE-2019-9060 via the CGExtensions module (action.setdefaulttemplate.php) using m1_filename for unauthenticated path traversal and through action.showmessage.php with m1_prefname cg_errormsg and m1_resettodefault=1 to read arbitrary files. Impact: partial conf...