HIGH🇵🇱 Wersja polska

CVE-2021-47734

CVSS 8.6v4.0pub. 2025-12-23upd. 2026-01-05

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Cmsimple

    APP
    Cmsimple
    5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-57548CRITICAL9.1PL ✓ten sam produkt

CMSimple 5.16 — nieautoryzowana edycja pliku log.php przez stronę print

CVE-2021-43741CRITICAL9.8ten sam produkt

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name ...

CVE-2021-47735HIGH8.6ten sam produkt

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to ...

CVE-2024-58280HIGH8.6ten sam produkt

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify ...

CVE-2024-57547HIGH7.5ten sam produkt

Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information...