VYPR
Unrated severityNVD Advisory· Published Dec 10, 2025· Updated Apr 7, 2026

CMSimple 5.15 Remote Command Execution via Extensions Configuration

CVE-2024-58280

Description

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Cmsimple/Cmsimplellm-fuzzy2 versions
    = 5.15+ 1 more
    • (no CPE)range: = 5.15
    • (no CPE)range: 5.15

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.