Authenticated Object Injection in CMS Made Simple 2.2.8 via Untrusted FEU Cookie

CVE-2019-9056 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.

Learn more about our Cms Pen Testing.

Authenticated Object Injection in CMS Made Simple 2.2.8 via Untrusted __FEU__ Cookie

CVE-2019-9056 · MEDIUM Severity

Authenticated Object Injection in CMS Made Simple 2.2.8 via Untrusted FEU Cookie