16Ara
CVE-2023-6901 | codelyfe Stupid Simple CMS up to 1.2.3 HTTP POST Request handle-command.php command os command injection
A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the inputwhoami leads to os command injection.
This vulnerability is uniquely identified as CVE-2023-6901. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
