CVE-2019-9057

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
Source: NIST
CVE-2019-9057

Leave a Reply

Your email address will not be published.