CVE-2024-58279

UNKNOWN 0.0

appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.

CWE	CWE-434
Vendor	apprain
Product	apprain cmf
Published	Dec 10, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for apprain apprain cmf

Be the first to know when new unknown vulnerabilities affecting apprain apprain cmf are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

apprain / appRain CMF

4.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52041 apprain.org: https://www.apprain.org github.com: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip vulncheck.com: https://www.vulncheck.com/advisories/apprain-cmf-authenticated-remote-code-execution-via-filemanager-upload

Credits

Ahmet Ümit BAYRAM