What is CVE-2019-9692?

CVE-2019-9692 is a vulnerability in N/a. Published 2019-03-11.

Is CVE-2019-9692 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9692

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

EPSS: 0.593 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
certimetergroup/metasploit-modules

References

viewsvn.cmsmadesimple.org/diff.php (x_refsource_MISC)
forum.cmsmadesimple.org/viewtopic.php (x_refsource_MISC)
46546 (exploit, x_refsource_EXPLOIT-DB)
packetstormsecurity.com/files/152269/CMS-Made-Simple-CMSMS-Showtime2-File-Uploa… (x_refsource_MISC)
www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce (x_refsource_MISC)
46627 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2019-9692?: CVE-2019-9692 is a vulnerability in N/a. Published 2019-03-11.
Is CVE-2019-9692 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.