CVE-2019-9055
published 2019-03-26CVE-2019-9055: An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with…
PriorityP264high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
12.50%
95.7th percentile
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | <= 2.2.8 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting the DesignManager module endpoints (action.admin_bulk_css.php, action.admin_bulk_template.php) for the presence of the m1_allparms parameter containing serialized PHP object payloads (e.g., values beginning with 'O:' or 'a:' typical of PHP serialization). ↗
- →Exploitation requires an authenticated session with Designer-level privileges; alert on Designer-role accounts making POST requests to DesignManager bulk action endpoints. ↗
- →Affected versions include CMS Made Simple 2.2.6, 2.2.7, 2.2.8, 2.2.9, and 2.2.9.1; prioritize detection on installations running these versions. ↗
- ·Exploitation is limited to authenticated users holding the Designer role; unauthenticated exploitation is not possible. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.htmlhttps://blog.certimetergroup.com/it/articolo/security/CMS_Made_Simple_deserialization_attack_%28CVE-2019-9055%29https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwghttps://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzumhttp://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.htmlhttps://blog.certimetergroup.com/it/articolo/security/CMS_Made_Simple_deserialization_attack_%28CVE-2019-9055%29https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwghttps://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum
2019-03-26
Published