Unrated severityOSV Advisory· Published Dec 10, 2025· Updated Apr 7, 2026

PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings

CVE-2024-58284

Description

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.

Affected products

Popojicms/PopojicmsOSV
Range: v2.0.0, v2.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/52022mitreexploit
www.popojicms.orgmitrevendor-advisoryproduct
www.vulncheck.com/advisories/popojicms-remote-command-execution-via-authenticated-metadata-settingsmitrethird-party-advisory
github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zipmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000