A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input
whoami
leads to os command injection.
This vulnerability is uniquely identified as CVE-2023-6901. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.