CVE-2024-58280
HIGHDescription
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cmsimple | cmsimple |
References
Frequently Asked Questions
What is CVE-2024-58280? +
How severe is CVE-2024-58280? +
What products are affected by CVE-2024-58280? +
How do I check if I'm vulnerable to CVE-2024-58280? +
Related Vulnerabilities
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN …
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 …
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability …
CMSimple 5.16 allows the user to edit log.php file via print page.
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template …
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute …