CVE-2021-47734

CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CVSS 8.6 HIGHEPSS 0.7%CWE-98

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Cmsimple · CMSimple

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cmsimple.org/en/https://www.exploit-db.com/exploits/50547 https://www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-execution