CVE-2024-57547
Published: 27 January 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-57547 is an insecure permissions vulnerability affecting CMSimple version 5.16. It enables a remote attacker to obtain sensitive information through a crafted script targeting the functionality for downloading PHP backup files. The issue is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact, no impact on integrity or availability, and no requirement for privileges or user interaction.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted script to the backup download functionality, which lets them access and retrieve PHP backup files that may contain sensitive information from the CMSimple installation. The attack needs no special privileges or user interaction and is reachable over the network with low complexity.
Advisories and research details are available in the provided references: a GitHub Gist at https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and a Markdown document on GitHub at https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Remote%20Code%20Execution%20via%20backup%20file%20editing.md. Security practitioners should review them for exploitation details and potential mitigation steps, such as restricting backup file permissions or upgrading the software if patches become available.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure permissions on the PHP backup file download functionality in the public-facing CMSimple CMS enable remote unauthorized access to sensitive information. This involves both file system permissions weaknesses (T1044) and public-facing application vulnerabilities (T1190).