CVE-2023-36969: CMS Made Simple v2.2.17 – File Upload Remote Code Execution (RCE) (Authenticated)
CMS Made Simple v2.2.17 is vulnerable to authenticated Remote Code Execution via the File Manager upload function: the upload filter blocks the .php extension but not .phtml.
#Exploit Title: CMS Made Simple v2.2.17 – File Upload Remote Code Execution (Authenticated)
#Date: 25 June 2023
#Exploit Author: Okan Kurtulus
#Vendor Homepage: https://www.cmsmadesimple.org/
#Version: 2.2.17
#Tested on: Ubuntu 18.04
#CVE: CVE-2023-36969
#Proof of Concept:
1-) Install CMS Made Simple from the vendor site and log in to the admin panel with any user account.
2-) After logging in, open "Content" in the left menu and click "File Manager".
3-) The upload function blocks some file extensions, including .php, but the check is a blocklist: renaming the PHP payload so that it ends in .phtml gets it past the filter. Whether the file then runs as PHP depends on the web server's handler configuration; on Ubuntu's default libapache2-mod-php configuration Apache maps .phtml to the PHP handler, so it does.
4-) Request the uploaded .phtml file in the browser; the server executes it and the reverse shell connects back to the listener.
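The following is an added example, not code from the advisory or from CMS Made Simple. It models the failure mode behind steps 3 and 4: an upload filter that only blocklists "php" next to a hardened allowlist check, both evaluated against a regular expression modelled on the FilesMatch pattern Ubuntu's libapache2-mod-php uses to decide which files run as PHP. The file names and the allowed-extension set are constructed for the example; the exact blocklist in CMS Made Simple is not reproduced here.

```python
import re

# Assumption: a blocklist in the style the advisory describes, rejecting only "php".
BLOCKED_EXTENSIONS = {"php"}
# Assumption: a plausible allowlist for a content-management file manager.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Modelled on the FilesMatch pattern in Ubuntu's libapache2-mod-php configuration:
# any file ending in .php, .phar or .phtml is handed to the PHP engine.
PHP_HANDLER_RE = re.compile(r".+\.ph(ar|p|tml)$")


def last_extension(filename: str) -> str:
    """Return the text after the final dot, or '' when there is no dot."""
    return filename.rsplit(".", 1)[-1] if "." in filename else ""


def blocklist_allows(filename: str) -> bool:
    """Weak check: accept anything whose final extension is not on the blocklist."""
    return last_extension(filename) not in BLOCKED_EXTENSIONS


def allowlist_allows(filename: str) -> bool:
    """Hardened check: lower-case the name, require exactly one extension
    (no dotfiles, no double extensions) and accept only allowlisted types."""
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False
    return parts[1] in ALLOWED_EXTENSIONS


def server_executes(filename: str) -> bool:
    """Would the modelled Apache configuration run this file as PHP?"""
    return PHP_HANDLER_RE.match(filename) is not None


def upload_bypasses(filename: str, check) -> bool:
    """True when the filter accepts the name AND the server would execute it,
    i.e. the combination that yields code execution."""
    return check(filename) and server_executes(filename)


def main() -> None:
    # Constructed sample names: a benign image, the blocked payload, the renamed payload
    # from the advisory, another handler-matched extension, and a double extension.
    samples = ["avatar.png", "shell.php", "shell.phtml", "shell.phar", "shell.php.png"]
    print(f"{'file':16} {'blocklist':10} {'allowlist':10} {'executes':9} {'RCE via blocklist'}")
    for name in samples:
        print(f"{name:16} {str(blocklist_allows(name)):10} {str(allowlist_allows(name)):10} "
              f"{str(server_executes(name)):9} {upload_bypasses(name, blocklist_allows)}")


if __name__ == "__main__":
    main()
```

Running it prints one row per sample; the row for shell.phtml shows the blocklist accepting a name the server will execute, while the allowlist rejects every sample except the image. The point for remediation is that the check must be an allowlist of extensions the server is known not to execute, applied after lower-casing and with double extensions refused, and that the server-side handler mapping (here the .ph(ar|p|tml) pattern) must be reviewed alongside the upload filter.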
A quick search shows that about 11950 websites run the affected application.