Lucene search
+L

250 matches found

Cvelist
Cvelist
added 2025/12/23 7:34 p.m.24 views

CVE-2021-47735 CMSimple 5.4 Authenticated Remote Code Execution via Template Editing

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

8.8CVSS0.0076EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:34 p.m.24 views

CVE-2021-47735

CVE-2021-47735 (CMSimple 5.4) describes an authenticated remote code execution via the template editing feature. The vulnerability arises when logged-in users can inject PHP code into template files through the template editing endpoint using a valid CSRF token, enabling execution of a reverse sh...

8.8CVSS7.7AI score0.0076EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.5 views

CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

8.6CVSS7.2AI score0.00712EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/23 7:34 p.m.27 views

CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

8.6CVSS0.00712EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:34 p.m.19 views

CVE-2021-47734

CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...

8.6CVSS7.2AI score0.00712EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.3 views

CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

6.1CVSS5.8AI score0.00235EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:34 p.m.16 views

CVE-2021-47732

CMSimple 5.2 is affected by a stored cross-site scripting (XSS) vulnerability in the Filebrowser external input field. The issue allows an attacker to inject unfiltered JavaScript that executes when a user clicks the Page or Files tabs, enabling persistent script injection. Affected product/versi...

6.1CVSS5.8AI score0.00235EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/23 7:34 p.m.27 views

CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

6.1CVSS0.00235EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.7 views

CMSimple 跨站脚本漏洞

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...

6.1CVSS6.2AI score0.00216EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.6 views

CMSimple 安全漏洞

CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...

8.6CVSS7.1AI score0.00712EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.11 views

PT-2025-52836

Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.7.4 Description The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...

8.8CVSS8AI score0.00926EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.11 views

PT-2025-52833

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description The software contains a cross-site scripting issue that allows attackers to bypass input filtering. This is achieved by using HTML to Unicode encoding, enabling the injection of malicious scripts. Attackers can...

6.1CVSS6.4AI score0.00216EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.8 views

CMSimple 代码注入漏洞

CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...

8.8CVSS7.5AI score0.0076EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.6 views

CMSimple 跨站脚本漏洞

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...

6.1CVSS6.2AI score0.00235EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.9 views

PT-2025-52832

Name of the Vulnerable Software and Affected Versions CMSimple version 5.2 Description CMSimple 5.2 has a stored cross-site scripting issue in the Filebrowser External input field. This allows attackers to inject malicious JavaScript code. When users click on the Page or Files tabs, the injected...

7.2CVSS5.7AI score0.00235EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.11 views

PT-2025-52834

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...

8.6CVSS7AI score0.00712EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.14 views

PT-2025-52835

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description The software contains an authenticated remote code execution issue that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by...

8.8CVSS7.7AI score0.0076EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/11 10:1 p.m.7 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.8CVSS8.3AI score0.00823EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/11 12:30 a.m.7 views

EUVD-2024-55318

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.6CVSS7.7AI score0.00823EPSS
Exploits1References5
NVD
NVD
added 2025/12/10 10:16 p.m.5 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.8CVSS0.00823EPSS
Exploits1References4
Rows per page
Query Builder