13 matches found
CVE-2021-47733
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
CVE-2021-47734
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
EUVD-2021-30649
Malicious code in bioql PyPI...
CVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution...
Directory traversal
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution...
CVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution...
CVE-2021-43742
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature...
Cross site scripting
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature...
CVE-2021-43742
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature...
CMSimple 5.4 - Cross Site Scripting (XSS)
Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...
CMSimple 5.4 - Local file inclusion to Remote code execution Exploit
Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...
CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)
Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Date: 11/15/2021 Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...
Cmsimple 5.4 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests parser=...