SQL Injection Vulnerability in CMS Made Simple (CMSMS) News Module

SQL Injection Vulnerability in CMS Made Simple (CMSMS) News Module

CVE-2014-2245 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

Learn more about our Cms Pen Testing.