CVE-2023-7041

Name of the Vulnerable Software and Affected Versions codelyfe Stupid Simple CMS versions up to 1.2.4

Description A critical issue has been found in the software, affecting some unknown functionality of the file /file-manager/rename.php. The manipulation of the newName argument leads to path traversal, allowing an attacker to access files outside the intended directory, such as '../filedir'. This issue can be exploited remotely.

Recommendations For versions up to 1.2.4, as a temporary workaround, consider restricting access to the /file-manager/rename.php file until a patch is available. Avoid using the newName argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.