CVE-2024-58280

HIGH

CMSimple 5.15 - Authenticated Remote Command Execution via Extensions Configuration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58280. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in CMSimple 5.15 by modifying the allowed file extensions to include PHP, enabling remote command execution via a malicious PHP shell upload.

Description

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · textwebappsphp
https://www.exploit-db.com/exploits/52040

This exploit leverages a file upload vulnerability in CMSimple 5.15 by modifying the allowed file extensions to include PHP, enabling remote command execution via a malicious PHP shell upload.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: CMSimple 5.15
Auth required
Prerequisites: Authenticated access to CMSimple admin panel · Ability to modify 'Extensions_userfiles' setting · Access to file upload functionality
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0054
EPSS Percentile 68.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-403
Status published
Products (2)
cmsimple/cmsimple 5.15
CMSimple/CMSimple 5.15
Published Dec 10, 2025
Tracked Since Feb 18, 2026