CVE-2024-58280

CMSimple 5.15 Remote Command Execution via Extensions Configuration

Description

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

INFO

Published Date :

2025-12-10T21:13:33.152Z

Last Modified :

2026-04-07T14:08:33.724Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2024-58280 vulnerability.

Vendors	Products
Cmsimple	Cmsimple

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-58280.

URL	Resource
https://www.cmsimple.org
https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip
https://www.exploit-db.com/exploits/52040
https://www.vulncheck.com/advisories/cmsimple-remote-command-execution-via-extensions-configuration

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact