CVE-2019-9053

Опубликовано: 26 мар. 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Критический

Описание

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

Ссылки

http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/Perseus99999/CVE-2019-9053-working-/blob/main/exploit.py
https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg
Release Notes
Vendor Advisory
https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum
Release Notes
Vendor Advisory
https://www.exploit-db.com/exploits/46635/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg
Release Notes
Vendor Advisory
https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum
Release Notes
Vendor Advisory
https://www.exploit-db.com/exploits/46635/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92556

Критический

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rrqg-2h39-2567