Unrated severityNVD Advisory· Published Sep 17, 2021· Updated Aug 4, 2024
CVE-2019-9060
CVE-2019-9060
Description
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CMS Made Simple/CMS Made Simpledescription
- Range: = 2.2.8
Patches
Vulnerability mechanics
References
4- dev.cmsmadesimple.org/project/changelog/5819mitrex_refsource_CONFIRM
- forum.cmsmadesimple.org/viewtopic.phpmitrex_refsource_CONFIRM
- newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwgmitrex_refsource_CONFIRM
- www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzummitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.