248 matches found
CMSimple 安全漏洞
CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...
CVE-2024-57547
CMSimple v5.16 is affected by an Insecure Permissions vulnerability in the backup file download functionality. A crafted script can exploit improper permissions to obtain sensitive information from backup PHP files. The issue is documented across multiple sources (including PT-2025-3468) and is d...
CVE-2024-57548
CMSimple 5.16 is affected by a vulnerability that allows editing the log.php file via the print page, due to incorrect directory path access restrictions. The issue supports remote exploitation through specially crafted GET requests, enabling an attacker to edit log.php and potentially access pro...
CVE-2024-57546
CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...
CVE-2024-57549
CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...
PT-2025-3468 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to insecure permissions in the file download functionality of the backup system, allowing a remote attacker to obtain sensitive information. This can be achieved through a crafted script...
PT-2025-3467 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue in CMSimple is related to insufficient protection of internal data in the link validation function. This can be exploited by a remote attacker to obtain sensitive information via a crafted script...
PT-2025-3469 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to gain unauthorized access to protected information by sending a specially...
PT-2025-3470 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue allows a user to read the CMS source code by manipulating the file name in the file parameter of a GET request. This is due to incorrect restriction of the path name to a directory with limited...
CMSimple 5.15 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: CMSimple 5.15 - Remote Command Execution Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CMS Append ",php" t...
CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...
CVE-2024-33423
Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-33423
Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-33424
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
PT-2024-25247 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33423
Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-33424
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33423
Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CMSimple 安全漏洞
CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...
PT-2024-25246 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A Cross-Site Scripting XSS issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...