Unrated severity · NVD Advisory · Published Dec 23, 2025 · Updated Mar 5, 2026
CMSimple 5.4 Authenticated Remote Code Execution via Template Editing
CVE-2021-47735
Description
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing endpoint with a valid CSRF token.
Affected products: 1
Patches: 0
No patches discovered yet.
References (3)
- www.exploit-db.com/exploits/50356 (mitre, exploit)
- www.vulncheck.com/advisories/cmsimple-authenticated-remote-code-execution-via-template-editing (mitre, third-party-advisory)
- www.cmsimple.org (mitre, product)