Security Advisory

CVE-2021-47735

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-23 19:34:09

Last updated 2026-03-05 12:02:27

Assigner VulnCheck

State PUBLISHED

Description

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing endpoint with a valid CSRF token.

← Browse all CVEs View on cve.org ↗