CVE-2013-10032

HIGH

GetSimpleCMS <3.2.1 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10032. PoCs published by Ahmed Elhady Mohamed, including Metasploit module exploits/unix/webapp/get_simple_cms_upload_exec.

AI-analyzed exploit summary The exploit describes an arbitrary file upload vulnerability in GetSimpleCMS 3.2.1 due to blacklist-based extension filtering. Attackers can bypass restrictions by using multiple extensions (e.g., 'exploit.html.fr') to upload malicious files.

Description

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Ahmed Elhady Mohamed · textwebappsphp

https://www.exploit-db.com/exploits/25405

View Code ZIP pw:eip

The exploit describes an arbitrary file upload vulnerability in GetSimpleCMS 3.2.1 due to blacklist-based extension filtering. Attackers can bypass restrictions by using multiple extensions (e.g., 'exploit.html.fr') to upload malicious files.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: GetSimpleCMS 3.2.1

No auth needed

Prerequisites: access to file upload functionality

MITRE ATT&CK

T1133 - External Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Ahmed Elhady Mohamed · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a file upload vulnerability in GetSimple CMS (CVE-2013-10032), allowing authenticated users to upload and execute arbitrary PHP code. It handles authentication, file upload, and payload execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GetSimple CMS <= 3.1.2

Auth required

Prerequisites: Valid credentials for GetSimple CMS · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Third Party Advisory exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb

Exploit, VDB Entry exploit

https://www.exploit-db.com/exploits/25405

Third Party Advisory third-party-advisory

https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=27895

Third Party Advisory third-party-advisory

https://www.fortiguard.com/encyclopedia/ips/39295

Product product

https://get-simple.info

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/getsimple-cms-auth-rce-via-arbitrary-php-file-upload

Scores

CVSS v3 8.8

EPSS 0.0232

EPSS Percentile 81.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-306 CWE-434

Status published

Products (2)

get-simple/getsimplecms 3.2.1

GetSimple CMS Project/GetSimple CMS 3.2.1

Published Jul 25, 2025

Tracked Since Feb 18, 2026