CVEs-PoC/2019/CVE-2019-9055.md at 2ef066380cb36dba2e454190ca2349fcff6ca2df

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-24 07:34:01 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.

POC

Reference

http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html

Github

https://github.com/ARPSyndicate/cve-scores
https://github.com/AlienTec1908/RoosterRun_HackMyVM_Easy

921 B Raw Blame History

CVE-2019-9055

Description

POC

Reference

Github

921 B

Raw Blame History