Lucene search
AttackerKBAKB:25CB51B6-102D-495A-B744-7CF120799F91HistoryMar 26, 2019 - 12:00 a.m.
CVE-2019-9053
2019-03-2600:00:00
attackerkb.com
41
EPSS
0.009
Percentile
83.1%
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Recent assessments:
Leafry at January 18, 2021 11:27pm UTC reported:
This exploit is ok. When running on my attack box I had to modify the code. Not the worse case. Just a few commands threw syntax errors. In the end the CVE was able to provide a salt and hash that gave me credentials to get into the box.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 3
Related
nvd
nvd
CVE-2019-9053
2019-03-26 17:29:01
exploitpack
exploitpack
CMS Made Simple 2.2.10 - SQL Injection
2019-04-02 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Cmsmadesimple Cms Made Simple
2021-05-14 03:59:53
Exploit for SQL Injection in Cmsmadesimple Cms Made Simple
2021-07-18 20:37:30
exploitdb
exploitdb
CMS Made Simple < 2.2.10 - SQL Injection
2019-04-02 00:00:00
packetstorm
packetstorm
CMS Made Simple SQL Injection
2019-04-02 00:00:00
cvelist
cvelist
CVE-2019-9053
2019-03-26 16:15:38
cve
cve
CVE-2019-9053
2019-03-26 17:29:01
prion
prion
Sql injection
2019-03-26 17:29:00
zdt
zdt
CMS Made Simple < 2.2.10 - SQL Injection Exploit
2019-04-02 00:00:00
srcincite
srcincite