Cyber Resilience

CVE-2024-57548

CriticalPublic PoC

Published: 27 January 2025

Published
27 January 2025
Modified
11 April 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0042 62.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57548 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Cmsimple Cmsimple. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked in the top 37.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-57548 is a critical vulnerability in CMSimple version 5.16 that allows users to edit the log.php file via the print page functionality. Classified under CWE-276 (Incorrect Default Permissions), it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts.

An unauthenticated attacker with network access can exploit this issue with low attack complexity and no user interaction required. By leveraging the print page, the attacker gains the ability to modify the log.php file, enabling high-impact violations of confidentiality and integrity as reflected in the CVSS metrics.

Research details on the broken access control are documented in advisories at https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md, which security practitioners should review for mitigation guidance specific to CMSimple deployments.

EU & UK References

Vulnerability details

CMSimple 5.16 allows the user to edit log.php file via print page.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The broken access control in CMSimple 5.16 allows editing of log.php via the print page, enabling attackers to inject PHP web shell code for remote execution (T1100), exploitation of the public-facing web application (T1190), and persistence via server software components (T1505.003).

CVEs Like This One

CVE-2024-58280Same product: Cmsimple Cmsimple
CVE-2024-57547Same product: Cmsimple Cmsimple
CVE-2024-57549Same product: Cmsimple Cmsimple
CVE-2024-57546Same product: Cmsimple Cmsimple
CVE-2021-47735Same product: Cmsimple Cmsimple
CVE-2024-43166Shared CWE-276
CVE-2024-55225Shared CWE-276
CVE-2025-35062Shared CWE-276
CVE-2024-57684Shared CWE-276
CVE-2025-27677Shared CWE-276

Affected Assets

cmsimple
cmsimple
5.16

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to system resources like log.php, directly preventing unauthorized editing via the print page.

prevent

Applies least privilege to restrict file editing to only necessary authorized users or processes, mitigating unauthenticated access through print functionality.

prevent

Defines and enforces logical access restrictions for changes to system components, blocking unauthorized modifications to files such as log.php.

References