Unrated severityNVD Advisory· Published Mar 11, 2019· Updated Sep 17, 2024
CVE-2019-9693
CVE-2019-9693
Description
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.2.10
- Range: <2.2.10
Patches
Vulnerability mechanics
References
2- viewsvn.cmsmadesimple.org/diff.phpmitrex_refsource_MISC
- forum.cmsmadesimple.org/viewtopic.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.