Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2245

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2014-2245
Last Modified 07 Mar 2014 02:43:02
Published 05 Mar 2014 11:37:41
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2245

Summary

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Cmsmadesimple Cms Made Simple 0.1

  • Cmsmadesimple Cms Made Simple 0.10

  • Cmsmadesimple Cms Made Simple 0.10.1

  • Cmsmadesimple Cms Made Simple 0.10.2

  • Cmsmadesimple Cms Made Simple 0.10.3

  • Cmsmadesimple Cms Made Simple 0.10.4

  • Cmsmadesimple Cms Made Simple 0.11

  • Cmsmadesimple Cms Made Simple 0.11.1

  • Cmsmadesimple Cms Made Simple 0.11.2

  • Cmsmadesimple Cms Made Simple 0.12

  • Cmsmadesimple Cms Made Simple 0.12.1

  • Cmsmadesimple Cms Made Simple 0.12.2

  • Cmsmadesimple Cms Made Simple 0.13

  • Cmsmadesimple Cms Made Simple 0.2

  • Cmsmadesimple Cms Made Simple 0.2.1

  • Cmsmadesimple Cms Made Simple 0.3

  • Cmsmadesimple Cms Made Simple 0.3.1

  • Cmsmadesimple Cms Made Simple 0.3.2

  • Cmsmadesimple Cms Made Simple 0.4

  • Cmsmadesimple Cms Made Simple 0.4.1

  • Cmsmadesimple Cms Made Simple 0.5

  • Cmsmadesimple Cms Made Simple 0.5.1

  • Cmsmadesimple Cms Made Simple 0.6

  • Cmsmadesimple Cms Made Simple 0.6.1

  • Cmsmadesimple Cms Made Simple 0.6.2

  • Cmsmadesimple Cms Made Simple 0.6.3

  • Cmsmadesimple Cms Made Simple 0.7

  • Cmsmadesimple Cms Made Simple 0.7.1

  • Cmsmadesimple Cms Made Simple 0.7.2

  • Cmsmadesimple Cms Made Simple 0.7.3

  • Cmsmadesimple Cms Made Simple 0.8

  • Cmsmadesimple Cms Made Simple 0.8.1

  • Cmsmadesimple Cms Made Simple 0.8.2

  • Cmsmadesimple Cms Made Simple 0.9

  • Cmsmadesimple Cms Made Simple 0.9.1

  • Cmsmadesimple Cms Made Simple 0.9.2

  • Cmsmadesimple Cms Made Simple 1.0

  • Cmsmadesimple Cms Made Simple 1.0.1

  • Cmsmadesimple Cms Made Simple 1.0.2

  • Cmsmadesimple Cms Made Simple 1.0.3

  • Cmsmadesimple Cms Made Simple 1.0.4

  • Cmsmadesimple Cms Made Simple 1.0.5

  • Cmsmadesimple Cms Made Simple 1.0.6

  • Cmsmadesimple Cms Made Simple 1.1

  • Cmsmadesimple Cms Made Simple 1.1.1

  • Cmsmadesimple Cms Made Simple 1.1.2

  • Cmsmadesimple Cms Made Simple 1.1.3

  • Cmsmadesimple Cms Made Simple 1.1.3.1

  • Cmsmadesimple Cms Made Simple 1.1.4

  • Cmsmadesimple Cms Made Simple 1.10

  • Cmsmadesimple Cms Made Simple 1.10.1

  • Cmsmadesimple Cms Made Simple 1.10.2

  • Cmsmadesimple Cms Made Simple 1.10.3

  • Cmsmadesimple Cms Made Simple 1.11

  • Cmsmadesimple Cms Made Simple 1.11.1

  • Cmsmadesimple Cms Made Simple 1.11.2

  • Cmsmadesimple Cms Made Simple 1.11.2.1

  • Cmsmadesimple Cms Made Simple 1.11.3

  • Cmsmadesimple Cms Made Simple 1.11.4

  • Cmsmadesimple Cms Made Simple 1.11.5

  • Cmsmadesimple Cms Made Simple 1.11.6

  • Cmsmadesimple Cms Made Simple 1.11.7

  • Cmsmadesimple Cms Made Simple 1.11.8

  • Cmsmadesimple Cms Made Simple 1.11.9


References

BID - 65953

SECUNIA - 56996

MLIST - [oss-security] 20140301 Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10

CONFIRM - http://dev.cmsmadesimple.org/project/changelog/4602


Last Updated: 27 May 2016 11:04:34