Security Advisory

CVE-2021-47736

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-23 19:34:09

Last updated 2026-01-05 14:09:52

Assigner VulnCheck

State PUBLISHED

Description

CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrary command execution on the server.

← Browse all CVEs View on cve.org ↗