Description
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrary command execution on the server.
References
- Product
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:cmsimple-xh:cmsimple_xh:1.7.4:-:*:*:*:*:*:*
EPSS
Percentile: 74%
0.00829
Low
7.2 High
CVSS3
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 8.8
github
about 2 months ago
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrary command execution on the server.