PT-2025-3468 · Cmsimple · Cmsimple

H4Ckr4V3N · Published 2024-12-26 · Updated 2025-01-28 · CVE-2024-57547

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16

Description: The issue stems from insecure permissions in the file download functionality of the backup system, which allows a remote attacker to obtain sensitive information. This can be achieved through a crafted script that manipulates the download functionality for PHP backup files. The vulnerability is classified as incorrect permission assignment for a critical resource, which can enable an attacker to gain unauthorized access to protected information and execute arbitrary code.

Recommendations: For CMSimple version 5.16, consider disabling the backup file download functionality until a patch is available, to prevent exploitation. Restrict access to critical resources to minimize the risk of unauthorized information disclosure. Avoid using the vulnerable functionality to download PHP backup files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Weakness Enumeration

Related Identifiers: BDU:2025-01235, CVE-2024-57547

Affected Products: Cmsimple