Exploit CMSimple - Default Administrator Credentials

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39271
Проверка EDB
  1. Пройдено
Автор
GOVIND SINGH
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2014-07-28
CMSimple - Default Administrator Credentials
Код:
source: https://www.securityfocus.com/bid/68961/info

CMSimple is prone to multiple security vulnerabilities including:

1. Multiple arbitrary PHP code-execution vulnerabilities
2. A weak authentication security-bypass vulnerability
3. Multiple security vulnerabilities

An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions and execute arbitrary script code in the context of the affected application. This may aid in further attacks. 

Any user can login just with simple password "test" which is the default cms password & there own vendor site is vulnerable with weak authentication 
just login without user name & also with default password "test" here "http://cmsimple.org/2author/?Welcome_to_CMSimple&login"
 
Источник
www.exploit-db.com

Похожие темы