I've discovered several high and critical vulnerabilities in CMSimple 5.16 leading to RCE:
CVE-2024-57546 - An issue in CMSimple v5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
CVE-2024-57547 - Insecure Permissions vulnerability in CMSimple v5.16 allows a remote attacker to obtain sensitive information via a crafted script to the functionality for downloading PHP backup files.
CVE-2024-57548 - CMSimple 5.16 allows the user to edit the log.php file via the print page.
CVE-2024-57549 - CMSimple 5.16 allows the user to read the CMS source code through manipulation of the file name in the file parameter of a GET request.
Original research: https://github.com/h4ckr4v3n/cmsimple5.16_research
Redaxo CMS v5.17 allows an authenticated admin user to execute malicious code via PHP template creation.
An admin can create a new template containing arbitrary PHP code.
The CronJob addon is also vulnerable to RCE. An admin can create a cronjob that executes arbitrary PHP code on the application server.
Original research: https://github.com/h4ckr4v3n/CVE-2024-46209/blob/main/REDAXO%20Stored%20XSS%20%2B%20RCE.pdf
Redaxo CMS v5.17 is vulnerable to XSS/CSRF via HTML page upload in the MediaPool module. It allows privilege escalation to the admin user.
Using an administrative account, an attacker can execute arbitrary code via the template editor.
An attacker can also use the CronJob AddOn to execute arbitrary code.
Original research: https://github.com/h4ckr4v3n/CVE-2024-46209