CVE-2026-5333
DefaultFuction Content-Management-System tools.php command injection
A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
DefaultFuction · Content-Management-SystemPoCs públicas encontradas — 1
cve_referencegithub.com/DefaultFuction/Content-Management-System/issues/1#issue-4082558620não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/DefaultFuction/Content-Management-System/https://github.com/DefaultFuction/Content-Management-System/issues/1https://github.com/DefaultFuction/Content-Management-System/issues/1#issue-4082558620https://vuldb.com/submit/780849https://vuldb.com/vuln/354667https://vuldb.com/vuln/354667/cti