PT-2025-52836 · Unknown · Cmsimple Xh

Halit Akaydin · Published 2025-12-23 · Updated 2025-12-23 · CVE-2021-47736

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CMSimple XH version 1.7.4

Description

The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file, enabling arbitrary command execution on the server. The vulnerability allows for the execution of code on the server.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2021-47736

Affected Products

Cmsimple Xh