CVE-2022-41544

CRITICAL

GetSimple CMS 3.3.16 - Remote Code Execution via Edited File Parameter

Exploitation Summary

EIP tracks 6 public exploits for CVE-2022-41544. PoCs published by Youssef Muhammad, yosef0x01, ph13b45.

AI-analyzed exploit summary: This exploit targets GetSimple CMS v3.3.16 (CVE-2022-41544) by leaking an API key, bypassing authentication via cookie manipulation, and uploading a PHP reverse shell. It requires prior knowledge of a valid username and leverages a CSRF token for the file upload.

Description

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Youssef Muhammad · python · webapps · php
https://www.exploit-db.com/exploits/51475

This exploit targets GetSimple CMS v3.3.16 (CVE-2022-41544) by leaking an API key, bypassing authentication via cookie manipulation, and uploading a PHP reverse shell. It requires prior knowledge of a valid username and leverages a CSRF token for the file upload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GetSimple CMS v3.3.16
Auth required
Prerequisites: valid username · network access to target · PHP execution capability on target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by yosef0x01 · poc
https://github.com/yosef0x01/CVE-2022-41544

This is a functional exploit for CVE-2022-41544, targeting GetSimple CMS versions <= 3.3.16. It chains an API key leak with cookie-based authentication bypass to upload a PHP reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GetSimple CMS <= 3.3.16
No auth needed
Prerequisites: Target running vulnerable GetSimple CMS · Network access to target · Listener for reverse shell
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by ph13b45 · poc
https://gitlab.com/ph13b45/CVE-2022-41544

This repository contains a functional exploit for CVE-2022-41544, targeting GetSimple CMS v3.3.16 and earlier. The exploit chains authentication bypass via API key leakage, CSRF token retrieval, and arbitrary file upload to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GetSimple CMS ≤ 3.3.16
Auth required
Prerequisites: valid admin username · network access to target · reverse shell listener
devstral-2 · analyzed Jun 19, 2026

gitlab WORKING POC
by nopgadget · poc
https://gitlab.com/nopgadget/CVE-2022-41544

This repository contains a functional exploit for CVE-2022-41544, targeting GetSimple CMS v3.3.16 and earlier. The exploit chains authentication bypass via API key leakage with CSRF token retrieval to upload a PHP reverse shell through the theme editor.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GetSimple CMS ≤ 3.3.16
Auth required
Prerequisites: valid admin username · network access to target · reverse shell listener
devstral-2 · analyzed Jun 12, 2026

nomisec WORKING POC
by nopgadget · poc
https://github.com/nopgadget/CVE-2022-41544

This repository contains a functional exploit for CVE-2022-41544, targeting GetSimple CMS versions ≤ 3.3.16. The exploit leverages authenticated access to upload a PHP reverse shell via the theme editor functionality.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GetSimple CMS ≤ 3.3.16
Auth required
Prerequisites: Valid admin username · Network access to target · Python 3.6+
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by h3x0v3rl0rd · poc
https://github.com/h3x0v3rl0rd/CVE-2022-41544

This is a functional exploit for CVE-2022-41544 targeting GetSimple CMS. It chains version detection, API key leakage, CSRF token extraction, and arbitrary file upload to achieve remote code execution via a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GetSimple CMS <= 3.3.16
Auth required
Prerequisites: Admin username · Network access to target · Reverse shell listener
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352

Scores

CVSS v3 9.8
EPSS 0.0944
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-94
Status published
Products (1)
get-simple/getsimple_cms 3.3.16
Published Oct 18, 2022
Tracked Since Feb 18, 2026