Home Tools Exploits & CVE's CMSimple 5.15 Remote Shell Upload

CMSimple 5.15 Remote Shell Upload

June 6, 2024

CMSimple version 5.15 suffers from a remote shell upload vulnerability.

# Exploit Title: CMSimple 5.15 - Remote Command Execution
# Date: 04/28/2024
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.cmsimple.org
# Software Link: https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip
# Version: latest
# Tested on: MacOS

# Log in to SimpleCMS.
# Go to Settings > CMS
# Append ",php" to the end of the Extensions_userfiles field and save it.
# Navigate to Files > Media
# Select and upload shell.php
# Your shell is ready: https://{url}/userfiles/media/shell.php

CMSimple 5.15 Remote Shell Upload

Follow us on Instagram @thecyberpost

EDITOR PICKS

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions

Microweber 2.0.15 Cross Site Scripting

POPULAR POSTS

Oracle Database Password Hash Unauthorized Access

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

POPULAR CATEGORY

WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism

Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation

TotalAV 5.15.69 Unquoted Service Path