{"uuid": "f16e4486-bb1e-424d-9c5e-24cd9c0be4c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "CMSimple 5.16 vulnerabilities leading to RCE", "description": "#### Vulnerabilities in CMSimple 5.16 leading to RCE\n\n* CVE-2024-57546 - An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.\n* CVE-2024-57547 - Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.\n* CVE-2024-57548 - CMSimple 5.16 allows the user to edit log.php file via print page.\n* CVE-2024-57549 - CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.\n\n#### Original research\n\n[https://github.com/h4ckr4v3n/cmsimple5.16_research](https://github.com/h4ckr4v3n/cmsimple5.16_research)", "creation_timestamp": "2025-01-24T07:54:26.591700+00:00", "timestamp": "2025-01-24T07:56:51.051542+00:00", "related_vulnerabilities": ["CVE-2024-57546", "CVE-2024-57547", "CVE-2024-57549", "CVE-2024-57548"], "meta": [{"ref": ["https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb", "https://github.com/h4ckr4v3n/cmsimple5.16_research"]}], "author": {"login": "cedric", "name": "C\u00e9dric Bonhomme", "uuid": "af0120d0-3dac-4a6a-974b-a9f33d2a9846"}}