PT-2025-3467 · Cmsimple · Cmsimple

H4Ckr4V3N · Published 2024-12-26 · Updated 2025-01-28 · CVE-2024-57546

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CMSimple version 5.16

Description

The issue in CMSimple is related to insufficient protection of internal data in the link validation function. This can be exploited by a remote attacker to obtain sensitive information via a crafted script. The vulnerability may also allow an attacker to perform a Server-Side Request Forgery (SSRF) attack.

Recommendations

For CMSimple version 5.16, consider disabling the validate link function as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insecure Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2025-01236
CVE-2024-57546

Affected Products

Cmsimple