Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)

Basic Information:
EDB-ID: 50356
CVE: N/A
Author: PUSSYCAT0X
Type: WEBAPPS
Platform: PHP
Date: 2021-09-30
Vulnerable App: Cmsimple

Key Information:
Vulnerability Type: Remote Code Execution (RCE)
Target Version: Cmsimple 5.4
Test Environment: Ubuntu 20.04.1
Exploitation Method: Requires Authentication (Authenticated); the attacker must hold valid credentials for the CMSimple admin login
Exploit Script Language: Python

Exploitation Steps Summary:
1. Login Authentication: Authenticate with the supplied username and password so that later requests carry a valid admin session.
2. CSRF Token Retrieval: Fetch the admin page that embeds the anti-CSRF token and extract the token from the response; the template-save request is rejected without it.
3. Malicious PHP Code Construction: Build a PHP payload that opens a reverse shell back to the attacker's listener.
4. Submit Malicious Code: Send the payload in a POST request that saves it as the site's template file, including the CSRF token from step 2.
5. Trigger Execution: Request a page with a GET so the server renders the template, executes the embedded PHP, and connects back to the listener.

Code Snippet Examples:

Security Advisory:
Update Cmsimple to the latest version to avoid known vulnerabilities. Because this chain needs working admin credentials, the exploitable surface is the template editor behind the admin login: use strong, unique admin passwords, restrict access to the admin interface (for example by IP or an additional authentication layer), and monitor template files for unexpected changes. Apply input validation and secure coding practices when deploying web applications to limit the impact of injection attacks.