cvedb.io
CVE-2021-42645
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2022-05-10T12:15:08.477 · Last modified 2026-06-17T04:09:54.620

Summary

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.

Affected products

cmsimple-xh — cmsimple_xh

Does this affect you?

Add your gear to cvedb and we'll alert you only when cmsimple-xh ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.