Posted by riccardo krauter on Mar 19

1) Summary

Affected software CMS Made Simple-2.2.15
Vendor URLhttp://www.cmsmadesimple.org/ <http://www.cmsmadesimple.org/>
Vulnerability SQL injection

2) Vulnerability Description

The affected software is vulnerable to SQL injection via the m1_sortby POST parameter of the News module, reachable via
the moduleinterface.php page.
The `sortby` parameter is sanitized by replacing the `’` with the `_` character, anyway it is…
Read More – Full Disclosure


By |2021-03-19T17:18:45-04:00March 19th, 2021|