CVE-2019-9058

An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the selgroups parameter that leads to authenticated object injection...

PT-2019-19342 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the administrator page "admin/changegroupperm.php" where it is possible to send a crafted value in the sel groups parameter, leading to authenticated object injection...