- Exploit Title: CMS Made Simple Version 2.2.19 - Remote Code Execution
- Release Date: 2024-21-02
- Author: tmrswrr
- Vendor Homepage: CMS Made Simple
- Software Version: 2.2.19
- Environment Tested: Softaculous CMS Made Simple Demo
This document describes a remote code execution vulnerability in CMS Made Simple version 2.2.19. The exploit allows an authenticated user with administrative privileges to execute arbitrary PHP code through the User Defined Tags functionality.
- Log in as Administrator
  - Access the CMS Made Simple admin panel and log in with administrator credentials.
- Navigate to User Defined Tags
  - Go to Extensions > User Defined Tags.
- Inject Payload
  - In the 'Code' text area, input the following payload:
    <?php echo system('id'); ?>
  - This PHP code, when executed, will display the system user and group IDs.
- Execute the Payload
  - Click on the 'Run' button to execute the payload.
- Observe the Output
  - The output should be similar to:
    uid=1000(admin) gid=1000(admin) groups=1000(admin) uid=1000(admin) gid=1000(admin) groups=1000(admin)
  - This indicates successful execution of the code, displaying the server process's user and group IDs.
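
Because the steps above show that a User Defined Tag body runs as PHP on the server, a defender can review stored tags for OS command execution. The Python script below is an added example, not part of the original advisory or of CMS Made Simple. It assumes tag names and bodies have already been exported as (name, code) pairs, and the sample tags are constructed for illustration.

```python
import re

# PHP functions that start OS commands (PHP function names are case-insensitive).
COMMAND_FUNCS = ("system", "exec", "passthru", "shell_exec",
                 "popen", "proc_open", "pcntl_exec")

# Comments and quoted strings are blanked so text that only mentions a function
# is not reported; a backtick string is PHP's shell-execution operator.
_TOKEN_RE = re.compile(r"""
      //[^\n]*| \#[^\n]* | /\*.*?\*/     # comments
    | '(?:\\.|[^'\\])*'                   # single-quoted string
    | "(?:\\.|[^"\\])*"                   # double-quoted string
    | (?P<shell>`(?:\\.|[^`\\])*`)        # backtick operator
""", re.DOTALL | re.VERBOSE)

# Bare calls only: "$db->exec(", "Foo::exec(" and "curl_exec(" are not matched.
_CALL_RE = re.compile(r"(?<![\w$>:])\\?(" + "|".join(COMMAND_FUNCS) + r")\s*\(",
                      re.IGNORECASE)

def audit_tag(code):
    """Return the sorted command-execution constructs found in one tag body."""
    findings = set()
    def blank(match):
        if match.group("shell"):
            findings.add("backtick operator")
        return " "
    stripped = _TOKEN_RE.sub(blank, code)
    findings.update(m.group(1).lower() + "()" for m in _CALL_RE.finditer(stripped))
    return sorted(findings)

def audit_tags(tags):
    """tags: iterable of (name, code). Returns {name: findings} for flagged tags."""
    report = {}
    for name, code in tags:
        found = audit_tag(code)
        if found:
            report[name] = found
    return report

# Constructed sample export (hypothetical tag names), including this page's payload.
SAMPLE_TAGS = [
    ("copyright_year", "echo date('Y');"),
    ("diag", "<?php echo system('id'); ?>"),
    ("uptime", "$out = `uptime`; echo $out;"),
    ("db_cleanup", "$db->exec('DELETE FROM t'); // system('x') only in a comment"),
    ("mixed_case", "ShEll_ExEc ($cmd);"),
]

if __name__ == "__main__":
    for tag, found in audit_tags(SAMPLE_TAGS).items():
        print(f"{tag}: {', '.join(found)}")
```

A clean result does not prove a tag is harmless, since PHP can reach these functions indirectly (for example through variable function names), so flagged tags are a starting point for manual review.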
This information is provided for educational and research purposes only. The author is not responsible for any misuse or damage caused by this information.
- Special thanks to the CMS Made Simple team for their continued efforts in maintaining the security of their platform.
- Thanks to all security researchers contributing to open source security.
For further inquiries or reporting security issues, contact the author at tmrswrr@email.com.