CVE-2024-57546
Published: 27 January 2025
Summary
CVE-2024-57546 is a high-severity Insecure Storage of Sensitive Information (CWE-922) vulnerability in CMSimple. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 39.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the SSRF flaw in CMSimple's validate link function through identification, reporting, and correction of the vulnerability.
- Prevents SSRF exploitation by validating and sanitizing crafted inputs to the validate link function.
- Limits SSRF impact by enforcing boundary protections that block unauthorized internal network requests from the application server.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-57546 enables SSRF for sensitive information disclosure (T1005, T1046). Related advisories describe LFI for source code access (T1083, T1005) and insecure permissions allowing backup download and log.php editing (T1044), all in a public-facing web app (T1190).
NVD Description
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
Deeper analysis
CVE-2024-57546 is a vulnerability in CMSimple version 5.16 that enables a remote attacker to obtain sensitive information by sending a crafted script to the validate link function. Classified under CWE-922, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact accessible over the network with low attack complexity, no privileges, and no user interaction required.
A remote unauthenticated attacker can exploit this issue by targeting the validate link function with a malicious script, leading to unauthorized disclosure of sensitive information. The CVSS vector underscores its ease of exploitation from external networks without authentication or special conditions.
Research details on the vulnerability, including analysis of the validate links SSRF behavior, are documented in GitHub references such as https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Validate%20links%20SSRF.md. No official advisories or patches are referenced in the CVE details.
Details
- CWE(s)