CMSimple
cpe:2.3:a:cmsimple:cmsimple:*:*:*:*:*:*:*
- 5.4
A local file inclusion vulnerability has been identified in CMSimple version 5.4, allowing authenticated remote attackers to manipulate PHP session files and execute arbitrary code. Exploitation involves altering the functions file path and uploading malicious PHP code through session file upload mechanisms.
Exploitation of this vulnerability could lead to unauthorized execution of PHP code on the server, potentially allowing an attacker to execute arbitrary commands or manipulate server-side resources.
To reproduce this vulnerability, log into the CMSimple application as a user with upload privileges. Once authenticated, navigate to a feature that allows file uploads through PHP session management. Upload a file containing malicious PHP code, such as a reverse shell payload, and ensure it is processed by the server. After uploading, the injected code can be executed by accessing the appropriate session file.