Unauthenticated Path Traversal Vulnerability in CMS Made Simple
CVE-2019-9060

7.5HIGH

Key Information:

Vendor
Cmsmadesimple
Status
Cms Made Simple
Vendor
CVE Published:
17 September 2021

Summary

An unauthenticated path traversal vulnerability exists in CMS Made Simple version 2.2.8, specifically within the CGExtensions module. This issue allows attackers to exploit the 'm1_filename' parameter in 'action.setdefaulttemplate.php' to access restricted file paths. Additionally, the vulnerability permits access to arbitrary file content through 'action.showmessage.php' by utilizing the traversal capabilities while manipulating 'm1_prefname' and setting 'm1_resettodefault' to 1. This flaw poses a significant risk as it enables unauthorized data exposure.

References

https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made...
x_refsource_CONFIRM
http://dev.cmsmadesimple.org/project/changelog/5819
x_refsource_CONFIRM
https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinv...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.