Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2019-9692

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

Published: Mar 11, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-9692
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
cmsmadesimple / cms_made_simple	-	2.2.10

http://packetstormsecurity.com/files/152269/CMS-Made-Simple-CMSMS-Showtime2-File-Upload-Remote-Command-Execution.html
http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_image.php&rev=47
http://www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285
https://www.exploit-db.com/exploits/46546/
https://www.exploit-db.com/exploits/46627/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo