CVE-2021-42645
CRITICAL
Cmsimple-xh Cmsimple XH - Unrestricted File Upload
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
References (2)
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Net-hunter121/CMSimple_XH-Unauth-RCE
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/cmsimple-xh/cmsimple-xh/releases/tag/1.7.5
Scores
CVSS v3
10.0
EPSS
0.0688
EPSS Percentile
91.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
cmsimple-xh/cmsimple_xh
1.7.4
Published
May 10, 2022
Tracked Since
Feb 18, 2026