Authenticated Object Injection in CMS Made Simple 2.2.8 ModuleManager

Authenticated Object Injection in CMS Made Simple 2.2.8 ModuleManager

CVE-2019-9061 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.

Learn more about our Cms Pen Testing.