CVE-2023-7040

Name of the Vulnerable Software and Affected Versions codelyfe Stupid Simple CMS versions up to 1.2.4

Description A problematic issue was discovered in the file /file-manager/rename.php, where an unknown functionality is affected. The manipulation of the oldName argument leads to path traversal, allowing an attacker to access files outside the intended directory, such as '../filedir'. This issue can be exploited remotely.

Recommendations For versions up to 1.2.4, consider restricting access to the /file-manager/rename.php file until a fix is available, and avoid using the oldName argument in this context to minimize the risk of exploitation.