Vulnerability Details : CVE-2019-9692
Public exploit exists!
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
Products affected by CVE-2019-9692
- cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9692
71.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-9692
-
CMS Made Simple (CMSMS) Showtime2 File Upload RCE
Disclosure Date: 2019-03-11First seen: 2020-04-26exploit/multi/http/cmsms_showtime2_rceThis module exploits a File Upload vulnerability that lead in a RCE in Showtime2 module (<= 3.6.2) in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, whe
CVSS scores for CVE-2019-9692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2019-9692
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9692
-
https://www.exploit-db.com/exploits/46546/
CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File UploadExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/152269/CMS-Made-Simple-CMSMS-Showtime2-File-Upload-Remote-Command-Execution.html
CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution ≈ Packet StormExploit;VDB Entry;Third Party Advisory
-
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285
CMS Made Simple Forums • View topic - Announcing CMS Made Simple v2.2.10 - SpuzzumVendor Advisory
-
https://www.exploit-db.com/exploits/46627/
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)Exploit;Third Party Advisory;VDB Entry
-
http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_image.php&rev=47
WebSVN - showtime2 - Diff - Rev 14 and 47 - /trunk/lib/class.showtime2_image.phpPatch;Vendor Advisory
-
http://www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce
CMS Made Simple (CMSMS) Showtime2 File Upload RCE | Rapid7Third Party Advisory
Jump to