CVE-2024-58280

High CVSS: 8.6

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

Vendor

Cmsimple

Product

Cmsimple

CWE

CWE-403

Yayın Tarihi

2025-12-10 22:16:19

Güncelleme

2025-12-31 18:29:58

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-403 Cmsimple HIGH Cmsimple 2025

Referanslar

https://www.cmsimple.org https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip https://www.exploit-db.com/exploits/52040 https://www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configuration

Benzer Kayıtlar

High

CVE-2021-47734

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP…

High

CVE-2021-47735

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject mal…

Medium

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows at…

Medium

CVE-2021-47733

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML…

High

CVE-2024-57547

Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a cra…

Critical

CVE-2024-57548

CMSimple 5.16 allows the user to edit log.php file via print page.