CVE-2024-57549

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 27, 2025
Updated: Jan 28, 2025
CWE ID 22

Summary

CVE-2024-57549 is a vulnerability affecting CMSimple version 5.16. An attacker can exploit this issue by manipulating the file name in a GET request's file parameter. This allows the attacker to read the source code of the Content Management System (CMS), posing a significant risk to data confidentiality. The vulnerability is caused by insufficient input validation in the CMS's handling of GET requests containing the file parameter. It is crucial that users of CMSimple 5.16 upgrade to a patched version to mitigate this risk.
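For defenders reviewing whether a CMSimple 5.16 host was probed, the following Python code is an added example (not from the advisory or from the CMSimple project) that scans access-log lines for GET requests whose `file` parameter shows generic path-traversal (CWE-22) traits. The advisory does not describe the exact request shape, so the combined log format, the request path, the sample lines and the heuristics are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_values(log_line):
    """Return decoded `file` values that look like path traversal."""
    m = REQUEST_RE.search(log_line)
    if not m or m.group("method") != "GET":  # the advisory names GET requests
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    for raw in parse_qs(query, keep_blank_values=True).get("file", []):
        value = fully_decode(raw).replace("\\", "/")
        traversal = ".." in value.split("/")          # parent-directory segment
        absolute = value.startswith("/") or re.match(r"^[A-Za-z]:/", value)
        null_byte = "\x00" in value                   # truncation attempt
        if traversal or absolute or null_byte:
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, values) for every log line with a suspicious value."""
    results = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_file_values(line)
        if values:
            results.append((number, values))
    return results

# Constructed sample lines (documentation IP range, placeholder file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jan/2025:10:00:01 +0000] "GET /?file=logo.png HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Jan/2025:10:00:02 +0000] "GET /?file=..%2f..%2fexample.php HTTP/1.1" 200 4096',
    '198.51.100.7 - - [27/Jan/2025:10:00:03 +0000] "GET /?file=%252e%252e%252fexample.php HTTP/1.1" 200 4096',
    '198.51.100.7 - - [27/Jan/2025:10:00:04 +0000] "POST /?file=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious file parameter {values}")
```

A hit only marks a request for review; pair it with the response status and size to judge whether file contents were actually returned.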
