Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

CMSimple_XH Remote Code Execution Vulnerability

Vulnerability

Exploited

A remote code execution vulnerability has been identified in CMSimple_XH version 1.7.4. This issue arises in the content editing feature, where authenticated administrative users can upload malicious PHP files. Exploitation involves bypassing the CSRF token mechanism to create a PHP shell that allows arbitrary command execution on the server.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands on the server, potentially leading to full server compromise.

Reproduction

To reproduce this vulnerability, log into a CMSimple_XH 1.7.4 site as an administrator. Navigate to the content editing section and upload a PHP file containing a payload that exploits the vulnerability. The CSRF token mechanism can be bypassed to facilitate this process. Once the file is uploaded, it can be accessed and executed, leading to remote code execution on the server.

Added: Dec 23, 2025, 8:21 PM

Updated: Dec 23, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

6.7

remediation

0.0

relevance

1.6

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

6.7

remediation

0.0

relevance

1.6

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

CMSimple_XH Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CMSimple_XH

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating