What is CVE-2019-9053?

CVE-2019-9053 is a vulnerability in N/a. Published 2019-03-26.

Is CVE-2019-9053 known to be exploited?

118 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9053

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

e-renna/CVE-2019-9053
Mahamedm/CVE-2019-9053-Exploit-Python-3
Dh4nuJ4/SimpleCTF-UpdatedExploit
ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit
h3x0v3rl0rd/CVE-2019-9053
Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-9053
paulameg/SimpleCTF-THM-Walkthrough
paulameg/SimpleCTF-THM-Relatory
Perseus99999/CVE-2019-9053-working-
JagdeepSinghCeh/cms-made-simple-python3

References

www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum
newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg
46635 (exploit)
packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html
github.com/Perseus99999/CVE-2019-9053-working-/blob/main/exploit.py

Frequently asked questions

What is CVE-2019-9053?: CVE-2019-9053 is a vulnerability in N/a. Published 2019-03-26.
Is CVE-2019-9053 known to be exploited?: 118 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.