Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
CMSimple 5.15 - Remote Command Execution - exploit.company
header-logo
Suggest Exploit
vendor:
CMSimple
by:
Ahmet Ümit BAYRAM
6.1
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: CMSimple
Affected Version From: 5.15
Affected Version To: 5.15
Patch Exists: NO
Related CWE:
CPE: a:cmsimple:cmsimple:5.15
Metasploit:
Other Scripts:
Platforms Tested: MacOS
2024

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

Mitigation:

To mitigate this vulnerability, restrict file upload permissions, validate file extensions, and sanitize user inputs to prevent command injection. Regular security updates and monitoring for unauthorized file uploads are recommended.
Source

Exploit-DB raw data:

# Exploit Title: CMSimple 5.15 - Remote Command Execution
# Date: 04/28/2024
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.cmsimple.org
# Software Link: https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip
# Version: latest
# Tested on: MacOS

# Log in to SimpleCMS.
# Go to Settings > CMS
# Append ",php" to the end of the Extensions_userfiles field and save it.
# Navigate to Files > Media
# Select and upload shell.php
# Your shell is ready: https://{url}/userfiles/media/shell.php