CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-47734

HIGH
7.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile20.03th
Published2025年12月23日
Last Modified2026年1月5日

Vulnerability Description

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

Affected Platforms (CPE)

📦
Cmsimple

Cmsimple

= 5.4

References & Advisories

🔗 https://www.cmsimple.org/en/
🔗 https://www.exploit-db.com/exploits/50547
🔗 https://www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-execution

相关漏洞威胁

CVE-2021-4264510.0

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use ...

CVE-2021-437419.8

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on...

CVE-2021-477358.8

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP...

CVE-2007-05517.5

Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary...