CMS Made Simple
Safe Security 2021
CVE-2020-10682
Cross-Ref: CVE-2020-10682
Base Score: 7.8 HIGH
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-10681
Base Score: 5.4 MEDIUM
CVSS Vector: 3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Mitigation:
No solution was available until 11 Sept 2020.
1. Version 2.2.15-1, released on 2020-11-23, mitigated or patched these vulnerabilities.
2. The solution is therefore to use a version of CMSMS after 2.2.15-0.
3. From 2.2.15-1 up to the newest release to date, 2.2.15-6, released on 2021-04-27.

Affected Version/software: CMS Made Simple through version 2.2.13
CVSS Score:
Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitation
The overall steps we will be performing:
1. Getting the target machine's IP address
2. Scanning open ports with the Nmap scanner
3. Enumerating the HTTP service with the Dirb utility
4. Enumerating application admin
5. Exploiting MySQL and updating the admin password
6. Logging in to the application and local exploit
7. Getting root access and reading the flag

Virtual Lab Environment
● Oracle VirtualBox has been used to run the machines.
● I have used Kali as the attacking machine, and the victim machine is My-Cmsms.ova, which runs a web app built on the CMSMS system.
● Both machines should be in bridged mode.