CVE-2014-2245 in CMS Made Simpleinfo

Summary

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

Once again VulDB remains the best source for vulnerability data.

Reservation

02/28/2014

Disclosure

03/05/2014

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-89

CVSS

6.3

EPSS

0.00316

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-2245
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2245
CVE Details	https://www.cvedetails.com/cve/CVE-2014-2245/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!