SQL Injection Vulnerability in CMS Made Simple by CMS Made Simple
CVE-2019-9693

8.8HIGH

Key Information:

Vendor

Cmsmadesimple

Status
Cms Made Simple
Vendor
CVE Published:
11 March 2019

What is CVE-2019-9693?

In CMS Made Simple prior to version 2.2.10, an authenticated user can exploit SQL Injection vulnerabilities through specific functions in the class.showtime2_data.php file. These vulnerabilities are present in multiple functions including _updateshow, _inputshow, and _Getshowinfo, allowing for unauthorized database queries that can lead to data exposure or modification.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285
x_refsource_MISC
http://viewsvn.cmsmadesimple.org/diff.php?repname=showtim...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.