CVE-2019-9693

Published: 11/03/2019 | Updated: 12/03/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In CMS Made Simple (CMSMS) prior to 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).

Affected Products

Vendor: Cmsmadesimple
Product: Cms Made Simple
Versions: -, 0.1, 0.2, 0.2.1, 0.3, 0.3.1, 0.3.2, 0.4, 0.4.1, 0.5, 0.5.1, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.8, 0.8.1, 0.8.2, 0.9, 0.9.1, 0.9.2, 0.10, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.11, 0.11.1, 0.11.2, 0.12, 0.12.1, 0.12.2, 0.13, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.3.1, 1.1.4, 1.1.4.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3, 1.3.1, 1.4, 1.4.1, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.7, 1.7.1, 1.8, 1.8.1, 1.8.2, 1.9, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.4.1, 1.9.4.2, 1.9.4.3, 1.10, 1.10.1, 1.10.2, 1.10.3, 1.11, 1.11.1, 1.11.2, 1.11.2.1, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.12, 1.12.1, 2.0, 2.0.1, 2.0.1.1, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.6