Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Mar 17, 2026
CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution
CVE-2021-47734
Description
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50547mitreexploit
- www.vulncheck.com/advisories/cmsimple-authenticated-local-file-inclusion-remote-code-executionmitrethird-party-advisory
- www.cmsimple.org/en/mitreproduct
News mentions
0No linked articles in our index yet.