🛠️ Service: GetSimpleCMS
📦 Affected Version: 3.3.16
📂 Vulnerable Path: /admin/inc/template_functions.php
💥 Vulnerability Type: Remote Code Execution (RCE)
🧨 Classification: Zero-Day (Privately discovered – no prior public disclosure or patch available)
📍 Vulnerable Function: curl_exec()
🧠 Description:
A critical Remote Code Execution vulnerability was discovered privately in the specified file. The function curl_exec() executes system-level commands and is reachable through a parameter that lacks any input sanitization. This opens the door for attackers to inject arbitrary OS commands remotely.
🔓 Proof of Concept (PoC):
http://<target>/admin/inc/template_functions.php?cmd=id
🧪 Example Response:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
🚨 Impact:
An unauthenticated attacker can execute arbitrary commands on the server, leading to full system compromise.
🛡️ Recommendation:
– Immediately block public access to the vulnerable endpoint.
– Implement strict parameter validation and avoid direct command execution.
– Notify the vendor about the issue and push for an official fix.
– Monitor for any signs of exploitation in access logs.
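One way to run the access-log check recommended above, as an added example that is not part of the original report. It assumes Apache/nginx combined log format; `find_hits` and the sample lines are constructed for illustration, while the path and parameter name are the ones the report gives.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter name as given in the report above.
VULN_PATH = "/admin/inc/template_functions.php"
PARAM = "cmd"

# Apache/nginx combined log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2025:10:01:02 +0000] "GET /admin/inc/template_functions.php?cmd=id HTTP/1.1" 200 54 "-" "curl/8.0"',
    '203.0.113.7 - - [15/Jul/2025:10:01:09 +0000] "GET /admin//inc/%74emplate_functions.php?x=1&cmd=%69d HTTP/1.1" 200 54 "-" "curl/8.0"',
    '198.51.100.4 - - [15/Jul/2025:10:02:00 +0000] "GET /index.php?id=news HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jul/2025:10:03:00 +0000] "GET /admin/inc/template_functions.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]


def find_hits(lines):
    """Return every logged request that reached the reported endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Decode %xx and collapse duplicate slashes before comparing paths,
        # so encoded or padded variants of the path are not missed.
        path = posixpath.normpath(unquote(url.path))
        if path != VULN_PATH:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            # None means the file was requested without the parameter.
            "cmd": params.get(PARAM, [None])[0],
        })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Requests that carry the parameter and returned 200 are the ones to investigate first. Access logs record only the query string, so parameters sent in a POST body will not appear here.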
📅 Date Discovered: 2025-07-15
🕵️‍♂️ Discovered By: CyberShop
Zero-Day Vulnerability Report
