CVE-2024-57549
Published: 27 January 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2024-57549 is a path traversal vulnerability (CWE-22) affecting CMSimple 5.16, a content management system. The flaw allows unauthorized users to read CMS source code by manipulating the filename in the "file" parameter of a GET request. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity and no authentication or user interaction required.
Unauthenticated attackers with network access to a vulnerable CMSimple 5.16 instance can exploit this issue remotely. By crafting a GET request with a malicious "file" parameter value, such as one containing directory traversal sequences, they can disclose sensitive source code files from the server, potentially exposing configuration details, credentials, or other proprietary information. Integrity and availability are not affected.
Research detailing the vulnerability and proof-of-concept exploitation is documented in the following references: https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Sensitive%20information%20disclosure.md. These publications focus on sensitive information disclosure in CMSimple 5.16 but do not specify vendor-provided patches or mitigation steps.
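Because the references give no vendor patch, reviewing web server logs for traversal attempts against the "file" parameter is a practical first check. The following is an added example, not code from the advisory or from CMSimple; the log lines, addresses, request paths and file names are constructed placeholders, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; addresses, paths and file names are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jan/2025:10:00:01 +0000] "GET /?file=page.htm HTTP/1.1" 200 1532',
    '203.0.113.9 - - [27/Jan/2025:10:00:04 +0000] "GET /?file=../EXAMPLE.php HTTP/1.1" 200 4096',
    '203.0.113.9 - - [27/Jan/2025:10:00:05 +0000] "GET /?file=%252e%252e%252fEXAMPLE.php HTTP/1.1" 200 4096',
    '203.0.113.9 - - [27/Jan/2025:10:00:06 +0000] "GET /?file=..%5C..%5CEXAMPLE.php HTTP/1.1" 404 0',
    '198.51.100.7 - - [27/Jan/2025:10:00:09 +0000] "GET /?file=notes..v2.htm HTTP/1.1" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(value):
    """Return why a parameter value is suspicious, or None for a plain name."""
    v = decode_fully(value).replace("\\", "/")
    if "\x00" in v:
        return "nul-byte"
    if v.startswith("/") or re.match(r"[A-Za-z]:", v):
        return "absolute-path"
    if ".." in v.split("/"):          # a whole path segment equal to ".."
        return "dot-dot-segment"
    return None

def scan(lines, param="file"):
    """Return (client, value after one decode, reason) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for key, val in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
            reason = traversal_reason(val) if key == param else None
            if reason:
                hits.append((line.split()[0], val, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Flagged requests that were answered with status 200 deserve priority during triage, since the server returned content for them.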
Details
- CWE(s): CWE-22
Affected Products
- CMSimple 5.16
MITRE ATT&CK Enterprise Techniques
- T1190
- T1083
- T1005
Why these techniques?
The LFI vulnerability (CVE-2024-57549) in the public-facing CMSimple web application enables exploitation for initial access (T1190), file and directory discovery through file parameter manipulation (T1083), and collection of data from the server's local filesystem by reading CMS source code (T1005).