Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

CMSimple Remote Code Execution Vulnerability

Vulnerability

Exploited

A remote code execution vulnerability has been identified in CMSimple version 5.4. This vulnerability allows authenticated attackers to inject malicious PHP code into template files. Exploitation involves using the template editing feature to save a crafted payload, such as a reverse shell, through the template editing endpoint, accompanied by a valid CSRF token.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where CMSimple is hosted.

Reproduction

To reproduce this vulnerability, log into a CMSimple 5.4 site as a user with template editing permissions. Navigate to the template editing section and inject a PHP payload into the template file. This payload can be a reverse shell, for example. Save the changes, and the injected code will be executed on the server.

Added: Dec 23, 2025, 8:22 PM

Updated: Dec 23, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

6.7

remediation

0.0

relevance

1.7

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

6.7

remediation

0.0

relevance

1.7

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

CMSimple Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CMSimple

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating