CVE-2024-58284

HIGH

PopojiCMS 2.0.1 - Authenticated Remote Code Execution via Metadata Settings

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58284. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary: This exploit targets PopojiCMS 2.0.1 by leveraging authenticated access to inject a PHP web shell into the meta social settings, enabling remote command execution via a crafted GET request. The PoC includes login functionality and payload delivery to achieve RCE.

Description

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · python · webapps · php
https://www.exploit-db.com/exploits/52022

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: PopojiCMS 2.0.1
Auth required
Prerequisites: Valid administrator credentials · Access to the target's po-admin interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.2
EPSS 0.0095
EPSS Percentile 56.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (2)
popojicms/popojicms 2.0.1
PopojiCMS/PopojiCMS 2.0.1
Published Dec 10, 2025
Tracked Since Feb 18, 2026