exploitDog

CVE-2024-58280

Опубликовано: 10 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

Ссылки

https://www.cmsimple.org
Product
https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip
Product
https://www.exploit-db.com/exploits/52040
Exploit
https://www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configuration
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsimple:cmsimple:5.15:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00361

Низкий

8.8 High

CVSS3

Дефекты

CWE-403

Связанные уязвимости

GHSA-mc4p-3xcw-5f46

CVSS3: 8.8

github

около 2 месяцев назад

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

EPSS

Процентиль: 58%

0.00361

Низкий

8.8 High

CVSS3

Дефекты

CWE-403