CMSimple Multiple Security Vulnerabilities

vendor:

CMSimple

by:

SecurityFocus

8,8

CVSS

HIGH

Multiple Security Vulnerabilities

N/A

CWE

Product Name: CMSimple

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2018

CMSimple Multiple Security Vulnerabilities

CMSimple is prone to multiple security vulnerabilities including arbitrary PHP code-execution vulnerabilities, a weak authentication security-bypass vulnerability, and other security vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application. This may aid in further attacks. Additionally, any user can login to the CMSimple website with the default password 'test' and no username.

Mitigation:

Ensure that all users have strong passwords and that the default password is changed.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/68961/info

CMSimple is prone to multiple security vulnerabilities including:

1. Multiple arbitrary PHP code-execution vulnerabilities
2. A weak authentication security-bypass vulnerability
3. Multiple security vulnerabilities

An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions and execute arbitrary script code in the context of the affected application. This may aid in further attacks. 

Any user can login just with simple password "test" which is the default cms password & there own vendor site is vulnerable with weak authentication 
just login without user name & also with default password "test" here "http://cmsimple.org/2author/?Welcome_to_CMSimple&login"