Vendor: CMSimple
By: Ahmet Ümit BAYRAM
CVSS: 6.1 (HIGH)
Remote Command Execution (CWE-78)
Product Name: CMSimple
Affected Version From: 5.15
Affected Version To: 5.15
Patch Exists: NO
Related CWE:
CPE: a:cmsimple:cmsimple:5.15
Platforms Tested: MacOS
2024
CMSimple 5.15 – Remote Command Execution
This vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker who can edit that setting can upload a shell.php file through the Media section and then access it remotely, which causes the server to execute it.
Mitigation:
To mitigate this vulnerability, restrict who may change upload settings and upload files, validate file extensions against an allowlist that never contains PHP or other server-executable extensions, and sanitize user input to prevent command injection. Apply security updates regularly and monitor the upload directory for unauthorized files.
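An added example, not part of the advisory or of CMSimple's own code, covering the two mitigations above: auditing the Extensions_userfiles value for server-executable extensions and scanning the upload directory for files that carry one. The extension list, the directory layout and the file names are constructed assumptions.

```python
"""Audit helpers for a CMSimple-style userfiles extension setting and upload tree."""
import os
import tempfile

# Extensions a typical PHP web server will execute; none of these belong in
# Extensions_userfiles (list assumed, extend to match your server's handlers).
EXECUTABLE_EXTENSIONS = {"php", "phtml", "php3", "php4", "php5", "php7", "phps", "phar"}


def parse_extensions_setting(value: str) -> list[str]:
    """Parse a comma-separated extension list such as Extensions_userfiles.

    Whitespace, case and a leading dot are normalised so ' .PHP' equals 'php'.
    """
    return [e.strip().lower().lstrip(".") for e in value.split(",") if e.strip()]


def audit_extensions_setting(value: str) -> list[str]:
    """Return the server-executable extensions present in the setting, if any."""
    return sorted(set(parse_extensions_setting(value)) & EXECUTABLE_EXTENSIONS)


def find_executable_uploads(userfiles_dir: str) -> list[str]:
    """Walk the upload tree and return relative paths with an executable extension.

    Every dot-separated suffix is checked, not only the last one, so a name such
    as 'x.php.jpg' is reported too (Apache's multi-extension handling may still
    run it as PHP).
    """
    hits = []
    for root, _dirs, files in os.walk(userfiles_dir):
        for name in files:
            suffixes = {part.lower() for part in name.split(".")[1:]}
            if suffixes & EXECUTABLE_EXTENSIONS:
                rel = os.path.relpath(os.path.join(root, name), userfiles_dir)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: a tampered setting and an upload tree with planted files."""
    tampered = "jpg,jpeg,png,gif,pdf,php"  # the trailing ",php" the advisory describes
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "images"))
        for rel in ("images/logo.png", "images/shell.php", "report.pdf", "x.php.jpg"):
            open(os.path.join(d, rel), "w").close()
        return audit_extensions_setting(tampered), find_executable_uploads(d)


if __name__ == "__main__":
    print(demo())
```

Run the audit against the live setting value and the real userfiles directory; any non-empty result is a finding that warrants removing the extension and the file.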