πŸ” CVE Alert

CVE-2024-58280

UNKNOWN 0.0

CMSimple 5.15 Remote Command Execution via Extensions Configuration

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

CWE CWE-403
Vendor cmsimple
Product cmsimple
Published Dec 10, 2025
Last Updated Apr 7, 2026
Stay Ahead of the Next One

Get instant alerts for cmsimple cmsimple

Be the first to know when new unknown vulnerabilities affecting cmsimple cmsimple are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

CMSimple / CMSimple
5.15

References

NVD β†— CVE.org β†— EPSS Data β†—
exploit-db.com: https://www.exploit-db.com/exploits/52040 cmsimple.org: https://www.cmsimple.org cmsimple.org: https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip vulncheck.com: https://www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configuration

Credits

Ahmet Ümit BAYRAM