CMSimple
cpe:2.3:a:cmsimple:cmsimple:*:*:*:*:*:*:*
- 5.16
A broken access control vulnerability in CMSimple version 5.16 allows users to edit the log.php file through the print page. The issue can be exploited by logging in as an administrator, navigating to Settings > Log, and manipulating the file parameter to bypass restrictions. The vulnerability could be used to inject arbitrary PHP code into the log.php file.
Exploitation of this vulnerability could lead to remote code execution, as injected PHP code could be executed on the server.
To reproduce this vulnerability, log in as an administrator and go to the Settings > Log section. Change the URL to include 'file=log&action=view' and then switch 'action=view' to 'action=edit', which will trigger an error message. To bypass the edit restriction, add 'print' to the URL parameters and access the log file. Once the log.php file is accessible, it can be edited to inject arbitrary PHP code.
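A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access logs for requests that combine file=log, action=edit and print. The exact query-string layout, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client address, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return 'bypass', 'edit' or None for one request target."""
    query = urlsplit(target).query
    # keep_blank_values keeps a bare "print" token (no "=") as a key.
    params = parse_qs(query, keep_blank_values=True)
    if "log" not in params.get("file", []):
        return None
    if "edit" not in params.get("action", []):
        return None
    # Edit of the log file requested; "print" marks the restriction bypass.
    return "bypass" if "print" in params else "edit"

def scan(lines):
    """Return (client, verdict, target, status) for every suspicious line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        verdict = classify(target)
        if verdict:
            hits.append((client, verdict, target, int(status)))
    return hits

# Constructed sample input (addresses from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /?file=log&action=view HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2025:10:00:09 +0000] "GET /?file=log&action=edit HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Jan/2025:10:00:20 +0000] "GET /?file=log&action=edit&print HTTP/1.1" 200 6044',
    '198.51.100.4 - - [10/Jan/2025:10:01:00 +0000] "GET /?Welcome&print HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    for client, verdict, target, status in scan(SAMPLE_LOG):
        print(f"{verdict:6} {client} {status} {target}")
```

A 'bypass' hit followed by a change to log.php's content or modification time is the sequence worth alerting on; an 'edit' hit alone matches the blocked attempt that returns the error message.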