PT-2022-11904 · Cmsimple · Cmsimple
S1Lv3R · Published 2022-04-13 · Updated 2022-04-20 · CVE-2021-43741
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CMSimple version 5.4
Description
The issue exists due to a Directory Traversal vulnerability. This occurs when a user changes the file name to a malicious file on config.php, leading to remote code execution.
Recommendations
For CMSimple version 5.4, update to a version that fixes the Directory Traversal vulnerability to prevent remote code execution. As a temporary workaround, consider restricting access to the config.php file to minimize the risk of exploitation.
Exploit
Fix
RCE
Path traversal
Affected Products
Cmsimple