CVE-2024-27623

MEDIUM

CMS Made Simple <2.2.19 - SSRF

Title source: llm

Description

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

References (2)

[Exploit, Third Party Advisory] https://github.com/capture0x/CMSMadeSimple2

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://www.vicarius.io/vsociety/posts/pwning-cmsms-via-user-defined-tags-for-fun-and-learning-cve-2024-27622-27623

Scores

CVSS v3 5.9

EPSS 0.0008

EPSS Percentile 23.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1336

Status published

Products (1)

cmsmadesimple/cms_made_simple 2.2.19

Published Mar 05, 2024

Tracked Since Feb 18, 2026