Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Mar 17, 2026

CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CVE-2021-47734

Description

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

Affected products

Cmsimple/Cmsimplev5
Range: CMSimple 5.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50547mitreexploit
www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-executionmitrethird-party-advisory
www.cmsimple.org/en/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000