CVE-2024-57548

9.1 CRITICAL

📋 TL;DR

CMSimple 5.16 contains a broken access control vulnerability that allows authenticated users to edit the log.php file via the print page functionality. This affects all installations of CMSimple 5.16 where users have edit permissions. The vulnerability enables unauthorized file modification that could lead to further system compromise.

💻 Affected Systems

Products:
  • CMSimple
Versions: 5.16
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with edit permissions. The vulnerability is in the print page functionality that improperly allows access to log.php.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could modify log.php to execute arbitrary code, leading to complete system takeover, data theft, or ransomware deployment.

🟠 Likely Case

Authenticated users could modify system files to gain elevated privileges, deface websites, or disrupt logging functionality.

🟢 If Mitigated

With proper access controls and file permissions, impact is limited to authorized users making unintended changes to logging files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. Public proof-of-concept demonstrates the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict access to log.php

linux

Modify file permissions to prevent unauthorized editing of log.php

chmod 644 log.php
chown root:www-data log.php

Disable print page functionality

all

Remove or disable the print page feature that allows access to log.php

# Remove or comment out print page functionality in CMSimple configuration

🧯 If You Can't Patch

  • Implement strict access controls and limit user permissions to only necessary functions
  • Monitor file modification events on log.php and implement file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Check if CMSimple version is 5.16 and test if authenticated users can edit log.php via print page functionality

Check Version:

Check CMSimple configuration files or admin panel for version information

Verify Fix Applied:

Verify that authenticated users can no longer edit log.php through the print page interface

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized modifications to log.php file
  • Multiple failed access attempts to log.php

Network Indicators:

  • Unusual HTTP requests to print page functionality with log.php parameters

SIEM Query:

source="web_server" AND (uri="*log.php*" OR uri="*print*" AND method="POST")
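
The same indicators applied to raw web server access logs, as an added example (not part of the original advisory or of CMSimple). It assumes Combined Log Format and reads the query above as log.php OR (print AND POST); the sample lines and their URIs are constructed placeholders, not the actual request used against the print page.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Combined Log Format). URIs are placeholders only.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /?Welcome HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2025:10:00:09 +0000] "GET /?Welcome&print HTTP/1.1" 200 4100',
    '198.51.100.23 - - [10/Jan/2025:10:02:30 +0000] "POST /?Welcome&print HTTP/1.1" 200 812',
    '198.51.100.23 - - [10/Jan/2025:10:02:41 +0000] "GET /EXAMPLE-PATH/log%2Ephp HTTP/1.1" 403 199',
    'not an access log line',
]

# client, timestamp, method, URI and status from one Combined Log Format line.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_uri(uri, rounds=2):
    """Percent-decode up to `rounds` times so log%2Ephp and log%252Ephp both match."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.lower()

def classify(line):
    """Return a hit dict if the line matches an indicator, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not flagged
    uri = decode_uri(m["uri"])
    reasons = []
    if "log.php" in uri:
        reasons.append("uri references log.php")
    if "print" in uri and m["method"] == "POST":
        reasons.append("POST to print page")  # plain GET print views are normal
    if not reasons:
        return None
    return {"client": m["client"], "ts": m["ts"], "method": m["method"],
            "uri": uri, "status": int(m["status"]), "reasons": reasons}

def find_hits(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["method"], hit["uri"], hit["reasons"])
```

Correlate any hit with a change in the modification time or hash of log.php before treating it as an incident.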
