CMSimple 5.16 vulnerabilities leading to RCE

Created on 2025-01-24 07:54, updated on 2025-01-24 07:56, by CĂ©dric Bonhomme
JSON
Description

Vulnerabilities in CMSimple 5.16 leading to RCE

  • CVE-2024-57546 - An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
  • CVE-2024-57547 - Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.
  • CVE-2024-57548 - CMSimple 5.16 allows the user to edit log.php file via print page.
  • CVE-2024-57549 - CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.

Original research

https://github.com/h4ckr4v3n/cmsimple5.16_research

Vulnerabilities included in this bundle
Meta
[
  {
    "ref": [
      "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",
      "https://github.com/h4ckr4v3n/cmsimple5.16_research"
    ]
  }
]
Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings
Author Vulnerability Source Type Date