2025-12-10 21:13:33
VulnCheck
PUBLISHED
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ,php to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.