Vulnerability Details CVE-2021-47734
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 5.5
References