250 matches found
CVE-2021-47735 CMSimple 5.4 Authenticated Remote Code Execution via Template Editing
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...
CVE-2021-47735
CVE-2021-47735 (CMSimple 5.4) describes an authenticated remote code execution via the template editing feature. The vulnerability arises when logged-in users can inject PHP code into template files through the template editing endpoint using a valid CSRF token, enabling execution of a reverse sh...
CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734
CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...
CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 is affected by a stored cross-site scripting (XSS) vulnerability in the Filebrowser external input field. The issue allows an attacker to inject unfiltered JavaScript that executes when a user clicks the Page or Files tabs, enabling persistent script injection. Affected product/versi...
CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CMSimple 跨站脚本漏洞
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...
CMSimple 安全漏洞
CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...
PT-2025-52836
Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.7.4 Description The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...
PT-2025-52833
Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description The software contains a cross-site scripting issue that allows attackers to bypass input filtering. This is achieved by using HTML to Unicode encoding, enabling the injection of malicious scripts. Attackers can...
CMSimple 代码注入漏洞
CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...
CMSimple 跨站脚本漏洞
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...
PT-2025-52832
Name of the Vulnerable Software and Affected Versions CMSimple version 5.2 Description CMSimple 5.2 has a stored cross-site scripting issue in the Filebrowser External input field. This allows attackers to inject malicious JavaScript code. When users click on the Page or Files tabs, the injected...
PT-2025-52834
Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...
PT-2025-52835
Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description The software contains an authenticated remote code execution issue that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by...
CVE-2024-58280
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
EUVD-2024-55318
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
CVE-2024-58280
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...