8a32e340d5
8 changes to exploits/shellcodes/ghdb Sitefinity 15.0 - Cross-Site Scripting (XSS) appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated) CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated) Dotclear 2.29 - Remote Code Execution (RCE) Monstra CMS 3.0.4 - Remote Code Execution (RCE) Serendipity 2.5.0 - Remote Code Execution (RCE) WBCE CMS v1.6.2 - Remote Code Execution (RCE)
14 lines
No EOL
517 B
Text
14 lines
No EOL
517 B
Text
# Exploit Title: CMSimple 5.15 - Remote Command Execution
|
|
# Date: 04/28/2024
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor Homepage: https://www.cmsimple.org
|
|
# Software Link: https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip
|
|
# Version: latest
|
|
# Tested on: MacOS
|
|
|
|
# Log in to SimpleCMS.
|
|
# Go to Settings > CMS
|
|
# Append ",php" to the end of the Extensions_userfiles field and save it.
|
|
# Navigate to Files > Media
|
|
# Select and upload shell.php
|
|
# Your shell is ready: https://{url}/userfiles/media/shell.php |