HIGH🇬🇧 English

CVE-2021-47734

CVSS 8.6v4.0pub. 2025-12-23upd. 2026-01-05

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Cmsimple

    APP
    Cmsimple
    5.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-57548CRITICAL9.1PL ✓ten sam produkt

CMSimple 5.16 — nieautoryzowana edycja pliku log.php przez stronę print

CVE-2021-43741CRITICAL9.8ten sam produkt

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name ...

CVE-2021-47735HIGH8.6ten sam produkt

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to ...

CVE-2024-58280HIGH8.6ten sam produkt

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify ...

CVE-2024-57547HIGH7.5ten sam produkt

Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information...