QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58280

Published: Dec 10, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

Vendor	Product	Versions
CMSimple	CMSimple	affected `5.15`

Weaknesses (CWE)

References

ExploitDB-52040

exploit

CMSimple Homepage

product

CMSimple Download Page

product

VulnCheck Advisory: CMSimple 5.15 Remote Command Execution via Extensions Configuration

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.