CVE-2024-57546

HighPublic PoC

Published: 27 January 2025

Published

27 January 2025

Modified

16 April 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0040 60.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2024-57546 is a vulnerability in CMSimple version 5.16 that enables a remote attacker to obtain sensitive information by sending a crafted script to the validate link function. Classified under CWE-922, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact accessible over the network with low attack complexity, no privileges, and no user interaction required.

A remote unauthenticated attacker can exploit this issue by targeting the validate link function with a malicious script, leading to unauthorized disclosure of sensitive information. The CVSS vector underscores its ease of exploitation from external networks without authentication or special conditions.

Research details on the vulnerability, including analysis of the validate links SSRF behavior, are documented in GitHub references such as https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Validate%20links%20SSRF.md. No official advisories or patches are referenced in the CVE details.

Details

CWE(s): CWE-922

Affected Products

cmsimple

5.16

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1574.010 Services File Permissions Weakness Stealth

Adversaries may execute their own malicious payloads by hijacking the binaries used by services.

attack.mitre.org →

T1046 Network Service Discovery Discovery

Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

attack.mitre.org →

T1083 File and Directory Discovery Discovery

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CVE-2024-57546 enables SSRF for sensitive information disclosure (T1005, T1046); related advisories describe LFI for source code access (T1083, T1005), insecure permissions for backup download and log.php edit (T1044), all in a public-facing web app (T1190).

References

https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb
Third Party Advisory · cve@mitre.org
https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Validate%20links%20SSRF.md
Exploit, Third Party Advisory · cve@mitre.org