Unrated severityOSV Advisory· Published Dec 23, 2025· Updated Jan 5, 2026
CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing
CVE-2021-47736
Description
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrary command execution on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.7.0, 1.7.0rc1, 1.7.1, …+ 1 more
- (no CPE)range: 1.7.0, 1.7.0rc1, 1.7.1, …
- (no CPE)range: = 1.7.4
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50367mitreexploit
- www.vulncheck.com/advisories/cmsimplexh-authenticated-remote-code-execution-via-content-editingmitrethird-party-advisory
- www.cmsimple-xh.orgmitreproduct
News mentions
0No linked articles in our index yet.