Vulnerabilities > CVE-2019-9055 - Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
cmsmadesimple
CWE-502
metasploit
NVD
Published: 2019-03-26
Updated: 2020-08-24

Summary

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.

Vulnerable Configurations

Part Description Count
Application
Cmsmadesimple
145

Common Weakness Enumeration (CWE)

Metasploit

descriptionAn issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. This module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.
idMSF:EXPLOIT/MULTI/HTTP/CMSMS_OBJECT_INJECTION_RCE
last seen2020-06-14
modified2019-11-13
published2019-11-01
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/cmsms_object_injection_rce.rb
titleCMS Made Simple Authenticated RCE via object injection

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/155322/cmsms_object_injection_rce.rb.txt
idPACKETSTORM:155322
last seen2019-11-14
published2019-11-13
reporterDaniele Scanu
sourcehttps://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html
titleCMS Made Simple 2.2.8 Remote Code Execution

References