CVE-2023-46042: A file write vulnerability exists in GetSimpleCMS
An issue in GetSimpleCMS v3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to phpinfo().
1. GetSimple version: 3.4.0a
2. Download address:
https://codeload.github.com/GetSimpleCMS/GetSimpleCMS/zip/refs/heads/master
3. Vulnerability type: File write vulnerability
4. The following page is displayed in the admin backend:
/admin/theme-edit.php?t=Innovation&f=functions.php
5. Write malicious code, such as phpinfo, in the functions.php file, then click "Save changes".
6. Open the file location: /theme/Innovation/functions.php
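
The sequence in steps 4 to 6 leaves a recognizable trace in web server logs: a save in the theme editor followed by a direct request for a PHP file under /theme/. The following is an added detection example, not part of the original advisory or of GetSimpleCMS. It assumes Apache combined log format and that the editor saves with a POST to /admin/theme-edit.php; the function name and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2023:10:01:02 +0000] "GET /admin/theme-edit.php?t=Innovation&f=functions.php HTTP/1.1" 200 8123
203.0.113.7 - - [12/Oct/2023:10:01:40 +0000] "POST /admin/theme-edit.php HTTP/1.1" 200 8240
203.0.113.7 - - [12/Oct/2023:10:01:55 +0000] "GET /theme/Innovation/functions.php HTTP/1.1" 200 90211
198.51.100.4 - - [12/Oct/2023:10:05:00 +0000] "GET /theme/Innovation/style.css HTTP/1.1" 200 1422
198.51.100.9 - - [12/Oct/2023:14:30:00 +0000] "GET /theme/Innovation/functions.php HTTP/1.1" 200 0
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
EDITOR = "/admin/theme-edit.php"  # assumption: saves are POSTed to this path
THEME_PHP = re.compile(r"^/theme/[^/]+/.+\.php$", re.IGNORECASE)


def find_edit_then_execute(log_text, window=timedelta(minutes=30)):
    """Return (ip, edit_time, path) for direct theme PHP hits that follow an editor POST."""
    last_edit = {}  # client IP -> time of its most recent theme-editor POST
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # compare on the path without query string
        if m["method"] == "POST" and path == EDITOR:
            last_edit[m["ip"]] = ts
        elif THEME_PHP.match(path) and m["status"] == "200":
            edited = last_edit.get(m["ip"])
            # Flag only when the same client saved a theme file shortly before.
            if edited and timedelta(0) <= ts - edited <= window:
                alerts.append((m["ip"], edited.isoformat(), path))
    return alerts


if __name__ == "__main__":
    for ip, when, path in find_edit_then_execute(SAMPLE_LOG):
        print(f"{ip} saved a theme file at {when}, then requested {path} directly")
```

Theme PHP files are normally loaded by the CMS rather than requested by URL, so a direct 200 response for one of them right after an editor save is worth reviewing alongside a diff of the edited file.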