CNNVD-202512-1782 Information
CNNVD ID
CNNVD-202512-1782
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
CMSimple是CMSimple开源的一种自由的内容管理系统。 CMSimple 5.15版本存在安全漏洞,该漏洞源于认证用户可修改文件扩展名并上传恶意PHP文件,可能导致远程命令执行。
Description (English)
CMSimple is a free content management system for the open source of CMSimple. There is a security loophole in version 5.15 of the CMSimple, which stems from the authentication user ’ s ability to modify the file extension and upload the malicious PHP file, which may lead to remote command execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
CMSimple
Published
2025-12-10
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configuration https://www.cmsimple.org https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip https://www.exploit-db.com/exploits/52040 https://access.redhat.com/security/cve/cve-2024-58280
Patch
https://www.cmsimple.org/?Downloads
Share on: