CVE-2024-57549
Published: 27 January 2025
Summary
CVE-2024-57549 is a high-severity Path Traversal (CWE-22) vulnerability in CMSimple. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 33.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-13 (Monitoring for Information Disclosure).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 requires input validation at entry points to reject or block malicious file parameter values containing directory traversal sequences exploited in this CVE.
AC-3 enforces approved authorizations for logical access to system resources, preventing unauthorized reading of CMS source code files via manipulated GET parameters.
AU-13 monitors for events indicative of information disclosure, such as anomalous file access requests, to identify exploitation of this path traversal vulnerability.
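As an added example (not part of the original page or of CMSimple), the following sketch shows the kind of AU-13 monitoring described above: it scans web access log lines for GET requests whose `file` parameter decodes to a path-manipulation pattern. The log format, the `/index.php` path, the file names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Common/combined log format: client IP, quoted request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def fully_decode(value):
    """Percent-decode repeatedly so %252e%252e%252f is seen as '../'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(value):
    """Return why a 'file' value looks like path manipulation, else None."""
    decoded = fully_decode(value)
    if "\x00" in decoded:
        return "null byte"
    if ".." in re.split(r"[\\/]+", decoded):
        return "parent-directory segment"
    if decoded.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", decoded):
        return "absolute path"
    return None

def scan(lines, param="file"):
    """Return (ip, status, reason) for GET requests with a suspicious param."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":  # the CVE describes GET requests
            continue
        for key, value in parse_qsl(urlsplit(m["target"]).query):
            reason = traversal_reason(value) if key == param else None
            if reason:
                findings.append((m["ip"], int(m["status"]), reason))
    return findings

# Constructed sample lines (documentation IPs, hypothetical paths and names).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2025:10:00:01 +0000] "GET /index.php?file=downloads/manual.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Jan/2025:10:00:05 +0000] "GET /index.php?file=../../example.php HTTP/1.1" 200 2310',
    '198.51.100.7 - - [27/Jan/2025:10:00:06 +0000] "GET /index.php?file=%252e%252e%252fexample.php HTTP/1.1" 200 880',
    '203.0.113.4 - - [27/Jan/2025:10:00:09 +0000] "POST /index.php?file=../x HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding paired with a 200 status deserves priority review, since the server may have returned the requested file.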
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The LFI vulnerability (CVE-2024-57549) in the public-facing CMSimple web application enables exploitation for initial access (T1190), file and directory discovery through file parameter manipulation (T1083), and collection of data from the server's local filesystem by reading CMS source code (T1005).
NVD Description
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.
Deeper analysis
CVE-2024-57549 is a path traversal vulnerability (CWE-22) affecting CMSimple 5.16, a content management system. The flaw allows unauthorized users to read CMS source code by manipulating the filename in the "file" parameter of a GET request. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity and no authentication or user interaction required.
Unauthenticated attackers with network access to a vulnerable CMSimple 5.16 instance can exploit this issue remotely. By crafting a GET request whose "file" parameter carries a malicious value, such as one containing directory traversal sequences, they can disclose sensitive source code files from the server, potentially exposing configuration details, credentials, or other proprietary information without affecting integrity or availability.
Research detailing the vulnerability and proof-of-concept exploitation is documented in the following references: https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb and https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Sensitive%20information%20disclosure.md. These publications focus on sensitive information disclosure in CMSimple 5.16 but do not specify vendor-provided patches or mitigation steps.
Details
- CWE(s)