Unrated severityNVD Advisory· Published Dec 10, 2025· Updated Apr 7, 2026
CMSimple 5.15 Remote Command Execution via Extensions Configuration
CVE-2024-58280
Description
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/52040mitreexploit
- www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configurationmitrethird-party-advisory
- www.cmsimple.orgmitreproduct
- www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zipmitreproduct
News mentions
0No linked articles in our index yet.