by vicarius
log in join community
by @secatgourity
10 Jun 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Pwning CMSMS for RCE and adrenaline (CVE-2024-27622)

by @secatgourity
by @secatgourity
10 Jun 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Pwning CMSMS for RCE and adrenaline (CVE-2024-27622)

OS

Kali Linux
Kali LinuxKali
2024.1.*
2020.3.*
2019.4.*

Apps

CMS
CMS Made SimpleCMS Made Simple
1.2.4.*

Screenshots from the blog posts

images/clx7tn5gphgse1hn71x52h5zy.jpgimages/clx7tn5gphgse1hn71x52h5zy.jpg

Summary

In this post, we will uncover a novel exploit targeting CMS Made Simple. The exploit injects the user-supplied PHP code into the user-defined tags leading to remote code execution

general

Description

Tags

#RCE#php#remote-code-execution#cms#cms-made-simple#code-injection

@secatgourity

132 posts

Total vcoins

86.1K

Social media links

Comments (0)