Description

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.
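The denylist-versus-allowlist point above, as an added PHP example that is not GetSimpleCMS code: both extension lists, the function names and the sample filenames are constructed for illustration.

```php
<?php
// Added illustration; both lists and all filenames below are constructed.
const DENIED_EXT  = ['php', 'php3', 'php4', 'php5', 'phtml'];    // hypothetical denylist
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt']; // assumed allowlist

// Weak pattern: block known-bad final extensions, accept everything else.
// Any executable extension missing from the list (here "pht") gets through.
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, DENIED_EXT, true);
}

// Hardened pattern: the whole name must be "stem.ext" with exactly one dot,
// a conservative character set, and an extension on the allowlist. This also
// rejects double extensions, path separators, NUL bytes and trailing dots.
function allowlist_accepts(string $name): bool
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})\z/', $name, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWED_EXT, true);
}

// Constructed upload names, checked against both policies.
$samples = ['photo.jpg', 'Report.PDF', 'shell.php', 'notes.pht', 'image.php.jpg', 'notes.txt.'];
foreach ($samples as $name) {
    printf("%-14s denylist=%-6s allowlist=%s\n",
        $name,
        denylist_accepts($name) ? 'accept' : 'reject',
        allowlist_accepts($name) ? 'accept' : 'reject');
}
```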

PUBLISHED Reserved 2025-07-24 | Published 2025-07-25 | Updated 2025-11-20 | Assigner VulnCheck




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

3.2.1
affected

Credits

Ahmed Elhady Mohamed finder

References

raw.githubusercontent.com/...p/get_simple_cms_upload_exec.rb exploit

www.exploit-db.com/exploits/25405 exploit

www.broadcom.com/...enter/attacksignatures/detail?asid=27895 third-party-advisory

www.fortiguard.com/encyclopedia/ips/39295 third-party-advisory

get-simple.info product

www.vulncheck.com/...-auth-rce-via-arbitrary-php-file-upload third-party-advisory

cve.org (CVE-2013-10032)

nvd.nist.gov (CVE-2013-10032)
