Command Injection Vulnerability in CMS Made Simple 2.2.8

Command Injection Vulnerability in CMS Made Simple 2.2.8

CVE-2019-9059 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature.

Learn more about our Cms Pen Testing.