ГлавнаяУязвимости → CVE-2021-47734
7.8высокая

CVE-2021-47734

Описание

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

Затрагиваемое ПО
Cmsimple Cmsimple
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.cmsimple.org/en/https://www.exploit-db.com/exploits/50547https://www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-execution