CVE-2024-57547

7.5 HIGH

📋 TL;DR

CMSimple v5.16 has an insecure permissions vulnerability that allows remote attackers to download PHP backup files containing sensitive information. This affects all installations using the vulnerable version of this content management system. Attackers can craft scripts to access backup files that should be protected.

💻 Affected Systems

Products:
  • CMSimple
Versions: v5.16 (specific version)
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of CMSimple 5.16. The vulnerability is in the backup file download functionality.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through exposed database credentials, configuration secrets, and potential remote code execution via backup file manipulation.

🟠 Likely Case

Sensitive information disclosure including database credentials, admin passwords, and site configuration data leading to unauthorized access.

🟢 If Mitigated

Limited impact with proper file permission controls and backup file location restrictions in place.

🌐 Internet-Facing: HIGH - Directly exploitable over the internet without authentication via crafted HTTP requests.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available showing how to craft requests to download backup files. Exploitation requires knowledge of backup file naming conventions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 5.16 (check for updates)

Vendor Advisory: Check CMSimple official website or repository

Restart Required: No

Instructions:

1. Upgrade to the latest CMSimple version.
2. If an upgrade is not possible, apply security patches from the vendor.
3. Remove or secure backup files in web-accessible directories.

🔧 Temporary Workarounds

Restrict backup file access

all

Move backup files outside web root or apply strict file permissions

chmod 600 backup_files/*
mv backup_files/ /path/outside/webroot/

Web server restrictions

Apache

Add .htaccess rules to block access to backup file extensions

Add to .htaccess:

<FilesMatch "\.(sql|bak|backup|gz|zip)$">
  # Apache 2.2 syntax; on Apache 2.4+ without mod_access_compat use "Require all denied"
  Order allow,deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Move all backup files to a directory outside the web server document root
  • Implement web application firewall rules to block requests to backup file patterns

🔍 How to Verify

Check if Vulnerable:

Check if backup files with .php extensions are accessible via HTTP requests to common backup locations

Check Version:

Check CMSimple version in admin panel or look for version.php file

Verify Fix Applied:

Attempt to access backup files via browser or curl and verify access is denied

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to backup file paths
  • Access to files with .php.bak, .sql, .backup extensions
  • Unusual file download patterns

Network Indicators:

  • HTTP GET requests to backup-related URLs
  • Traffic patterns showing file enumeration attempts

SIEM Query:

source="web_logs" AND (uri="*backup*" OR uri="*.bak" OR uri="*.sql" OR uri="*.backup*")
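The SIEM query above matches every request to a backup-like URI, whether or not the file was actually returned. The following added example (not part of the original advisory or of CMSimple) applies the same URI patterns to access log lines and separates requests the server answered with a 2xx status from refused ones. The log format, sample lines, paths, verdict labels and the enumeration threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed input: Apache/nginx common or combined access log lines.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')
# Same URI patterns as the SIEM query: *backup*, *.bak, *.sql
BACKUP_ANYWHERE = re.compile(r"backup", re.I)
BACKUP_SUFFIX = re.compile(r"\.(bak|sql)$", re.I)

# Constructed sample lines; paths are placeholders, not CMSimple's real backup names.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /x/backup_a.php HTTP/1.1" 404 196',
    '203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /x/backup_b.php HTTP/1.1" 200 48211',
    '192.0.2.15 - - [10/Jan/2025:10:02:00 +0000] "GET /x/site.bak HTTP/1.1" 403 199',
    '192.0.2.15 - - [10/Jan/2025:10:02:01 +0000] "GET /x/db.sql HTTP/1.1" 403 199',
    '192.0.2.15 - - [10/Jan/2025:10:02:02 +0000] "GET /x/backup.zip HTTP/1.1" 403 199',
    '198.51.100.4 - - [10/Jan/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Jan/2025:10:06:00 +0000] "GET /old/site.sql?v=1 HTTP/1.1" 403 199',
]

def is_backup_uri(uri):
    path = uri.split("?", 1)[0]  # suffix check ignores the query string
    return bool(BACKUP_ANYWHERE.search(uri) or BACKUP_SUFFIX.search(path))

def backup_hits(lines):
    """Group backup-like requests per client, split by whether content was served."""
    hits = defaultdict(lambda: {"served": [], "refused": []})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not is_backup_uri(m["uri"]):
            continue
        status = int(m["status"])
        # 2xx means the file body left the server (206 is a partial download).
        key = "served" if 200 <= status < 300 else "refused"
        hits[m["ip"]][key].append((m["ts"], m["uri"], status))
    return dict(hits)

def triage(hits, enum_threshold=3):
    """Return (ip, verdict) pairs, most severe first; a served file outranks enumeration."""
    rank = ("DISCLOSED", "ENUMERATION", "PROBE")
    out = []
    for ip, h in hits.items():
        distinct = {uri for _, uri, _ in h["served"] + h["refused"]}
        enum = len(distinct) >= enum_threshold
        out.append((ip, rank[0] if h["served"] else rank[1] if enum else rank[2]))
    return sorted(out, key=lambda t: rank.index(t[1]))
```

A DISCLOSED verdict means a backup-like file was returned to the client, so any credentials it contained should be treated as exposed and rotated.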
