216.73.217.172

CVE-2021-47734

· Published 23/12/2025 20:15 · Modified 23/12/2025 20:15

Labels: CVE-2021-47734 2025-12-23CVE-2021-47734CWE-98[email protected]

Essential information

Published
23/12/2025 20:15
Modified
23/12/2025 20:15
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cmsimple / cmsimple cpe:2.3:a:cmsimple:cmsimple:5.4:*:*:*:*:*:*:*

References