Pwning CMSMS for RCE and adrenaline (CVE-2024-27622)

Pwning CMSMS for RCE and adrenaline (CVE-2024-27622)

OS

2024.1.*
2020.3.*
2019.4.*

Apps

CMS
CMS Made SimpleCMS Made Simple
1.2.4.*

Screenshots from the blog posts

images/clx7tn5gphgse1hn71x52h5zy.jpgimages/clx7tn5gphgse1hn71x52h5zy.jpg

Summary

In this post, we will uncover a novel exploit targeting CMS Made Simple. The exploit injects the user-supplied PHP code into the user-defined tags leading to remote code execution

general

Description

@secatgourity

109 posts

Total vcoins

71.7K

Social media links

Comments (0)