Vulnerability Database

318,275

Total vulnerabilities in the database

CVE-2021-47736

CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrary command execution on the server.

Published: Dec 23, 2025
Updated: Jan 1, 2026
CVE: CVE-2021-47736
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
cmsimple-xh / cmsimple_xh	1.7.4	1.7.4.x

https://www.cmsimple-xh.org/
https://www.exploit-db.com/exploits/50367
https://www.vulncheck.com/advisories/cmsimplexh-authenticated-remote-code-execution-via-content-editing

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo