CVE-2024-57548

CriticalPublic PoC

Published: 27 January 2025

Published

27 January 2025

Modified

11 April 2025

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0042 62.0th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57548 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Cmsimple Cmsimple. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked in the top 38.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for logical access to system resources like log.php, directly preventing unauthorized editing via the print page.

AC-6 Least Privilege good match

prevent

Applies least privilege to restrict file editing to only necessary authorized users or processes, mitigating unauthenticated access through print functionality.

CM-5 Access Restrictions for Change good match

prevent

Defines and enforces logical access restrictions for changes to system components, blocking unauthorized modifications to files such as log.php.

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The broken access control in CMSimple 5.16 allows editing of log.php via the print page, enabling attackers to inject PHP web shell code for remote execution (T1100), exploitation of the public-facing web application (T1190), and persistence via server software components (T1505.003).

NVD Description

CMSimple 5.16 allows the user to edit log.php file via print page.

Deeper analysisAI

CVE-2024-57548 is a critical vulnerability in CMSimple version 5.16 that allows users to edit the log.php file via the print page functionality. Classified under CWE-276 (Incorrect Default Permissions), it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts.

An unauthenticated attacker with network access can exploit this issue with low attack complexity and no user interaction required. By leveraging the print page, the attacker gains the ability to modify the log.php file, enabling high-impact violations of confidentiality and integrity as reflected in the CVSS metrics.

Research details on the broken access control are documented in advisories at https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md, which security practitioners should review for mitigation guidance specific to CMSimple deployments.