
CVE-2024-58280

Severity: High · Public PoC referenced

Published: 10 December 2025
Modified: 31 December 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v4): 8.6 · CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0054 (68.1st percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-58280 is a high-severity File Descriptor Leak (CWE-403) vulnerability in Cmsimple Cmsimple. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CMSimple 5.15, a content management system, is affected by CVE-2024-58280, a remote command execution vulnerability stemming from CWE-403 (Exposure of File Descriptor or Handle to an Unauthorized Control Sphere). The flaw enables authenticated attackers to manipulate file extension controls by appending ',php' to the Extensions_userfiles configuration, allowing the upload of malicious PHP files, such as shell scripts, to the media directory. This results in arbitrary code execution on the server, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Authenticated users with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants attackers high-impact confidentiality, integrity, and availability compromises, including full server-side code execution via uploaded PHP shells in the media directory.

Advisories and related resources include a VulnCheck advisory detailing the remote command execution via extensions configuration, an Exploit-DB entry (52040) providing a public proof-of-concept, and CMSimple's official site with a download link for version 5.15, the affected release. No specific patch or mitigation details are outlined in the available references.
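The weakness described above is an upload allowlist that an authenticated user can extend with a server-executable extension. The following is an added defensive example, not CMSimple's own code or anything from the advisory: it validates an Extensions_userfiles-style value and reports which entries a configuration change introduced. It assumes the setting is a comma-separated list of extensions (inferred from the advisory's ",php" wording); the function names and the executable-extension set are this example's own.

```python
"""Defensive check for a user-file extension allowlist such as CMSimple's
Extensions_userfiles. Constructed example: the comma-separated format is an
assumption drawn from the advisory's ",php" wording, not CMSimple's own code."""
import re

# Extensions a typical web server or its handlers may execute server-side; none of
# these belong in an allowlist that governs what ordinary users may upload.
SERVER_EXECUTABLE = {
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps",
    "pht", "shtml", "cgi", "pl", "py", "asp", "aspx", "jsp", "htaccess",
}

# A well-formed entry is a plain alphanumeric extension; anything else (dots,
# slashes, embedded double extensions) is treated as suspicious.
_TOKEN_RE = re.compile(r"^[a-z0-9]+$")


def parse_extension_list(value: str) -> list[str]:
    """Split a comma-separated allowlist, normalising case, whitespace and a leading dot."""
    out = []
    for raw in value.split(","):
        ext = raw.strip().lower().lstrip(".")
        if ext:
            out.append(ext)
    return out


def validate_userfile_extensions(value: str) -> tuple[bool, list[str]]:
    """Return (ok, findings). ok is False when any entry is malformed or could be
    executed server-side, so an appended ',php' (or ' .PHTML') is rejected."""
    findings = []
    for ext in parse_extension_list(value):
        if not _TOKEN_RE.match(ext):
            findings.append(f"malformed entry {ext!r}")
        elif ext in SERVER_EXECUTABLE:
            findings.append(f"server-executable extension {ext!r}")
    return (not findings, findings)


def added_extensions(old_value: str, new_value: str) -> list[str]:
    """Detection helper: extensions present in the new allowlist but absent from the
    old one, for alerting on a configuration change that widens upload rights."""
    before = set(parse_extension_list(old_value))
    return [e for e in parse_extension_list(new_value) if e not in before]


if __name__ == "__main__":
    # Constructed sample values: a safe list and the same list after a change.
    print(validate_userfile_extensions("jpg,jpeg,png,gif,pdf"))
    print(validate_userfile_extensions("jpg,jpeg,png,gif,pdf,php"))
    print(added_extensions("jpg,jpeg,png,gif,pdf", "jpg,jpeg,png,gif,pdf,php"))
```

Running the validator against the stored setting on every save, and alerting on any non-empty result of `added_extensions`, covers both the preventive and the detective side of the controls listed below.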


Vulnerability details

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability in the public-facing CMSimple CMS allows authenticated low-privilege users to bypass file extension controls and upload PHP web shells for remote command execution, directly facilitating T1190 (Exploit Public-Facing Application) and T1100 (Web Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57548 (same product: Cmsimple Cmsimple)
CVE-2024-57547 (same product: Cmsimple Cmsimple)
CVE-2024-57549 (same product: Cmsimple Cmsimple)
CVE-2024-57546 (same product: Cmsimple Cmsimple)
CVE-2021-47735 (same product: Cmsimple Cmsimple)
CVE-2026-40042 (shared CWE-403)

Affected Assets

Vendor: cmsimple · Product: cmsimple · Version: 5.15

Mitigating Controls (NIST 800-53 r5)

prevent: Directly remediates the flaw in CMSimple 5.15 that allows authenticated attackers to append ',php' to Extensions_userfiles and upload executable shells.
prevent: Restricts low-privilege authenticated users from modifying the vulnerable Extensions_userfiles configuration setting.
prevent: Enforces least privilege to prevent low-privilege users from accessing functions that alter file extension controls or upload executable files.
