CVE-2019-9053

8.1 HIGH

Published: March 26, 2019 Modified: November 17, 2025

Description

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

https://github.com/Perseus99999/CVE-2019-9053-working-/blob/main/exploit.py

Source: cve@mitre.org

https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg

Source: cve@mitre.org

Release Notes Vendor Advisory

https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum

Source: cve@mitre.org

Release Notes Vendor Advisory

https://www.exploit-db.com/exploits/46635/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory VDB Entry

https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://www.exploit-db.com/exploits/46635/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory VDB Entry

9 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.1 / 10.0

EPSS (Exploit Probability)

92.6%

100th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

cmsmadesimple

Related CVEs