9 matches found
CVE-2021-47736
CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...
CVE-2021-47736
CMSimple_XH 1.7.4 is affected by an authenticated remote code execution in the content editing functionality. The root cause is insufficient input validation/filtering during processing of user-submitted data, allowing authenticated administrators to upload PHP files (via the CSRF mechanism) and ...
CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing
CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...
PT-2025-52836
Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.7.4 Description The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...
CVE-2025-63589
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...
CVE-2025-63589
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...
PT-2025-45332
Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.8 Description A reflected Cross-Site Scripting XSS issue exists in the index.php router. The issue occurs because attacker-controlled path segments are not properly sanitized or encoded before being included in the...
CVE-2025-63589
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...
CVE-2025-63589
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...