Created on 2025-01-24 07:54 and updated on 2025-01-24 07:56.

Description

Vulnerabilities in CMSimple 5.16 leading to RCE

• CVE-2024-57546 - An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
• CVE-2024-57547 - Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.
• CVE-2024-57548 - CMSimple 5.16 allows the user to edit log.php file via print page.
• CVE-2024-57549 - CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.

Original research

https://github.com/h4ckr4v3n/cmsimple5.16_research

Vulnerabilities included in this bundle

• CVE-2024-57546: An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validat...
• CVE-2024-57547: Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a cra...
• CVE-2024-57549: CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a G...
• CVE-2024-57548:

Meta

[
   {
      ref: [
         "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",
         "https://github.com/h4ckr4v3n/cmsimple5.16_research",
      ],
   },
]

Author

Cédric Bonhomme

---

Combined sightings