Arbitrary File Upload Vulnerability in GetSimple CMS by GetSimple
CVE-2019-11231

9.8 CRITICAL

Key Information:

Vendor:
Get-simple
CVE Published:
22 May 2019

Badges

👾 Exploit Exists 🟡 Public PoC 🟣 EPSS 61%

What is CVE-2019-11231?

An issue discovered in GetSimple CMS versions up to 3.3.15 allows authenticated users to upload files with arbitrary content, including PHP code. Although the upload requires an authenticated user, the authentication mechanism can be bypassed. The vulnerability resides in the admin/theme-edit.php file, which processes POST request submissions without adequately checking file extensions or the content of uploaded files. Additionally, the default configuration of the Apache HTTP Server may facilitate data exposure due to the lack of an AllowOverride directive. Consequently, crucial authentication credentials such as hashed passwords can be accessed, and exposed API keys and crafted cookies enable attackers to bypass security measures and upload malicious files to the server.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

61% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved
