PT-2025-50529 · Cmsimple · Cmsimple

Published 2025-12-10 · Updated 2025-12-31 · CVE-2024-58280

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CMSimple version 5.15

Description

An authenticated attacker can execute commands remotely on the server. This is possible by modifying file extensions and uploading malicious PHP files. Specifically, attackers can append ',php' to Extensions userfiles and upload a shell script to the media directory, enabling arbitrary code execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-58280

Affected Products

Cmsimple