CyberSec.Space Logo
Back to CVE Browser

CVE-2021-47734

HIGH
7.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile20.03th
PublishedDec 23, 2025
Last ModifiedJan 5, 2026

Vulnerability Description

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

Affected Platforms (CPE)

๐Ÿ“ฆ
Cmsimple

Cmsimple

= 5.4

References & Advisories

๐Ÿ”— https://www.cmsimple.org/en/
๐Ÿ”— https://www.exploit-db.com/exploits/50547
๐Ÿ”— https://www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-execution

Related Vulnerabilities

CVE-2021-4264510.0

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use ...

CVE-2021-437419.8

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on...

CVE-2021-477358.8

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP...

CVE-2007-05517.5

Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary...