VYPR
Unrated severityOSV Advisory· Published Dec 10, 2025· Updated Apr 7, 2026

PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings

CVE-2024-58284

Description

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Popojicms/PopojicmsOSV2 versions
    v2.0.0, v2.0.1+ 1 more
    • (no CPE)range: v2.0.0, v2.0.1
    • (no CPE)range: =2.0.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.