CMS Made Simple 2.2.19 Server-Side Template Injection

CMS Made Simple 2.2.19 Server-Side Template Injection: Posted Feb 22, 2024; Authored by tmrswrr; CMS Made Simple version 2.2.19 suffers from a server-side template injection vulnerability.; tags | exploit; SHA-256 | 678bb66608e7b41c5cd05528ea7219cf35638614441463568f81ba0d9dab3df4; Download | Favorite | View

CMS Made Simple 2.2.19 Server-Side Template Injection

# Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI
# Date: 2024-21-02
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.cmsmadesimple.org/
# Version: 2.2.19
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple


1 ) log in as admin and go to Layout > Design Manager > Breadcrumbs
2 ) Click edit and write SSTI payload : {7*7} , {$smarty.version},{{7*7}}    
3 ) After click Apply > Submit
4 ) Go to home page > https://127.0.0.1/CMS_Made_Simple/index.php?page=templates-and-stylesheets
will be see : 49 class="breadcrumbs"

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CMS Made Simple 2.2.19 Server-Side Template Injection

CMS Made Simple 2.2.19 Server-Side Template Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CMS Made Simple 2.2.19 Server-Side Template Injection

Share This

CMS Made Simple 2.2.19 Server-Side Template Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems