An issue exists in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cmsmadesimple cms made simple |