CVE-2021-46360

HIGH

Composr-CMS <10.0.39 - Authenticated RCE

Title source: llm

Description

Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sarang Tumne · textwebappsphp

https://www.exploit-db.com/exploits/51060

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/sartlabs/0days/blob/main/Composr-CMS/Exploit.py

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171489/Composr-CMS-10.0.39-Remote-Code-Execution.html

Scores

CVSS v3 8.8

EPSS 0.0422

EPSS Percentile 88.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

ocproducts/composr < 10.0.39

Published Feb 09, 2022

Tracked Since Feb 18, 2026