PT-2020-12282 · Cms Made Simple · Cms Made Simple

Joshua Provoste

Published

2020-03-20

Updated

2021-06-05

CVE-2020-10682

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CMS Made Simple version 2.2.13

Description The issue allows remote code execution via a specially crafted .php.jpegd JPEG file. This can be achieved by sending a file as application/octet-stream to the admin/moduleinterface.php endpoint, specifically using the m1 files[] parameter. The file does not need to be a valid JPEG, but it should contain PHP code.

Recommendations For CMS Made Simple version 2.2.13, consider restricting access to the admin/moduleinterface.php endpoint to minimize the risk of exploitation, and avoid using the m1 files[] parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-10682

Affected Products

Cms Made Simple

PT-2020-12282 · Cms Made Simple · Cms Made Simple

CVE-2020-10682

Weakness Enumeration

Related Identifiers

Affected Products

References · 4