An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected site. This may lead to the installation of malicious extensions, data spoofing, and other forms of system-level attacks. In addition, fixed code execution vulnerabilities may be discovered with ongoing security monitoring.

GetSimple CMS v3.3.16 fixed the issue by updating the edited_file parameter in admin/theme-edit.php to be more secure. We urge site owners to update GetSimple CMS as soon as possible.
This is the second GetSimple CMS remote code execution vulnerability discovered in recent weeks. In July, version 3.3.15 was found to have a remote code execution (RCE) vulnerability in the search page.
We are actively investigating the discovery of this RCE vulnerability in GetSimple CMS. Stay tuned for further updates.
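
To check whether the theme editor was reached before the update was applied, web server access logs can be triaged for requests to admin/theme-edit.php. The script below is an added example, not GetSimple CMS code; it assumes Combined Log Format, assumes that editor saves arrive as POST requests, and uses constructed sample lines.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
EDITOR_PATH = "/admin/theme-edit.php"   # endpoint named in the advisory
PARAM = "edited_file"                   # parameter named in the advisory

def triage(lines):
    """Return {ip: [finding, ...]} for requests that reach the theme editor."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        url = urlsplit(m["target"])
        # Normalise case and duplicate slashes so trivial variations still match.
        path = re.sub(r"/+", "/", url.path).lower()
        if not path.endswith(EDITOR_PATH):
            continue
        reasons = []
        if m["method"] == "POST":  # assumption: saves are sent as POST
            reasons.append("write request to theme editor")
        if PARAM in parse_qs(url.query, keep_blank_values=True):
            reasons.append(f"{PARAM} supplied in query string")
        if reasons:
            findings[m["ip"]].append(
                {"time": m["time"], "status": int(m["status"]), "reasons": reasons}
            )
    return dict(findings)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Oct/2022:15:20:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/7.85"',
    '198.51.100.7 - - [18/Oct/2022:15:20:05 +0000] "POST /admin/theme-edit.php HTTP/1.1" 302 0 "-" "curl/7.85"',
    '203.0.113.9 - - [18/Oct/2022:15:21:11 +0000] "GET /admin//Theme-Edit.php?edited_file=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [18/Oct/2022:15:21:40 +0000] "GET /admin/theme-edit.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        for h in hits:
            print(ip, h["time"], h["status"], "; ".join(h["reasons"]))
```

Findings from addresses that do not belong to a site administrator are the ones to follow up on; a plain GET of the editor page is not reported.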

Step-by-Step Guide to Update GetSimple CMS

1. Update all WordPress plugins and themes to the latest versions to protect against this vulnerability.
2. Update GetSimple CMS to version 3.3.16 (the latest version at the time of writing).
3. Put a temporary password on admin/theme-edit.php, and access it from http://yourdomainname/admin/theme-edit.php?action=expand_file&idx=1
4. Edit the edited_file parameter in admin/theme-edit.php from "a:0:{}" to "a:1:{}|b:0:{}" and save the file.
5. Delete your temporary password and recover original settings via backup or through phpMyAdmin.

Vulnerability Discovery Steps

1) A security researcher has discovered an issue with one of the GetSimple CMS RCE vulnerabilities.
2) We verify that the vulnerability is indeed present in our product, and swiftly release a patch.
3) The vulnerability is fixed in the latest version of our product.
4) The vulnerability is detected by a third-party security service, which promptly informs us about it.
5) We take corrective action to ensure we no longer have any RCE vulnerabilities in any of our products.

Timeline

Published on: 10/18/2022 15:15:00 UTC
Last modified on: 10/19/2022 03:49:00 UTC

References