← voltar
CVE-2021-47734

CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CVSS 8.6 HIGHEPSS 0.7%CWE-98
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Cmsimple · CMSimple

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cmsimple.org/en/https://www.exploit-db.com/exploits/50547https://www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-execution