Lucene search
K

248 matches found

OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.8CVSS6.3AI score0.00823EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 9:13 p.m.21 views

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.6CVSS0.00823EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:13 p.m.19 views

CVE-2024-58280

CVE-2024-58280 affects CMSimple 5.15 and enables authenticated remote code execution via the Extensions configuration: an attacker can append ",php" to Extensions_userfiles and upload a PHP shell to the media directory, enabling arbitrary code execution on the server. The available sources confir...

8.8CVSS7.9AI score0.00823EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/10 9:13 p.m.3 views

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.6CVSS7.9AI score0.00823EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple Open Source. A security vulnerability exists in CMSimple version 5.15 that originates from an authenticated user being able to modify file extensions and upload malicious PHP files, which could lead to remote command execution...

8.8CVSS7.1AI score0.00823EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS6.4AI score0.00323EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/06 12:0 a.m.2 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

6AI score0.00323EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.10 views

PT-2025-45332

Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.8 Description A reflected Cross-Site Scripting XSS issue exists in the index.php router. The issue occurs because attacker-controlled path segments are not properly sanitized or encoded before being included in the...

7.1CVSS6AI score0.00323EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/06 12:0 a.m.9 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

0.00323EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 12:0 a.m.4 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS6.2AI score0.00323EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-2645

Malware in sbrugna...

6.8CVSS6.4AI score0.18809EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-2259

Malware in sbrugna...

4.3CVSS6.2AI score0.01193EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-11197

Malware in sbrugna...

4.8CVSS5.1AI score0.00559EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-2393

Malware in sbrugna...

4.3CVSS6.4AI score0.01406EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11196

Malware in sbrugna...

4.8CVSS5.1AI score0.00559EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-0549

Malware in sbrugna...

7.5CVSS6.4AI score0.01356EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-0608

Malware in sbrugna...

6.8CVSS6.4AI score0.01146EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-30649

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00562EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53624

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00632EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53623

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.00451EPSS
Exploits1References2
Rows per page
Query Builder