Vulnerability in Cmsimple

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to…

EPSS: 0.005 (68.0th percentile) — read the EPSS interpretation.

Affected products

Cmsimple — versions 5.15

Weakness classification (CWE)

CWE-403 — Exposure of File Descriptor to Unintended Control Sphere (File Descriptor Leak)

References

ExploitDB-52040 (exploit)
CMSimple Homepage (product)
CMSimple Download Page (product)
VulnCheck Advisory: CMSimple 5.15 Remote Command Execution via Extensions Configuration (third-party-advisory)