PT-2025-3469 · Cmsimple · Cmsimple

H4Ckr4V3N · Published 2024-12-26 · Updated 2025-01-28 · CVE-2024-57548

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

CMSimple version 5.16

Description

The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to gain unauthorized access to protected information by sending a specially crafted GET request. The vulnerability also allows a user to edit the log.php file via the print page.

Recommendations

For CMSimple version 5.16, consider restricting access to the print page to prevent unauthorized editing of the log.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2025-01238
CVE-2024-57548

Affected Products

Cmsimple