CVE-2022-41544

This exploit targets GetSimple CMS v3.3.16 (CVE-2022-41544) by leaking an API key, bypassing authentication via cookie manipulation, and uploading a PHP reverse shell. It requires prior knowledge of a valid username and leverages a CSRF token for the file upload.

This is a functional exploit for CVE-2022-41544, targeting GetSimple CMS versions <= 3.3.16. It chains an API key leak with cookie-based authentication bypass to upload a PHP reverse shell.

This repository contains a functional exploit for CVE-2022-41544, targeting GetSimple CMS versions ≤ 3.3.16. The exploit leverages authenticated access to upload a PHP reverse shell via the theme editor functionality.

This is a functional exploit for CVE-2022-41544 targeting GetSimple CMS. It chains version detection, API key leakage, CSRF token extraction, and arbitrary file upload to achieve remote code execution via a reverse shell.