SQL Injection Vulnerability in CMS Made Simple by CMS Made Simple
CVE-2019-9693

8.8HIGH

Key Information:

Vendor: Cmsmadesimple
Status: Cms Made Simple
Vendor: CVE Published:; 11 March 2019

Summary

In CMS Made Simple prior to version 2.2.10, an authenticated user can exploit SQL Injection vulnerabilities through specific functions in the class.showtime2_data.php file. These vulnerabilities are present in multiple functions including _updateshow, _inputshow, and _Getshowinfo, allowing for unauthorized database queries that can lead to data exposure or modification.

References

https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285

x_refsource_MISC

http://viewsvn.cmsmadesimple.org/diff.php?repname=showtim...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 11, 2019