exploitDog

CVE-2021-47734

Опубликовано: 23 дек. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

Ссылки

https://www.cmsimple.org/en/
Product
https://www.exploit-db.com/exploits/50547
Exploit
https://www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-execution
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsimple:cmsimple:5.4:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00224

Низкий

7.8 High

CVSS3

Дефекты

CWE-98

Связанные уязвимости

GHSA-62fv-j8g5-r47m

CVSS3: 5.5

github

около 2 месяцев назад

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

EPSS

Процентиль: 45%

0.00224

Низкий

7.8 High

CVSS3

Дефекты

CWE-98