CVE-2021-47735
Unknown Unknown - Not Provided
Authenticated Remote Code Execution in CMSimple 5.4 Template Editor

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: VulnCheck

Description
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing endpoint with a valid CSRF token.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47735
EUVD
EUVD-2025-204828
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cmsimple cmsimple 5.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47735 is an authenticated remote code execution vulnerability in CMSimple version 5.4. It allows an attacker who has valid login credentials to inject malicious PHP code into template files via the template editing functionality. The attacker must obtain a valid CSRF token to save a crafted payload, such as a reverse shell, through the template editing endpoint. Once the malicious code is saved, it can be executed by accessing the CMSimple application, leading to remote code execution on the server. [1, 2]

Impact Analysis

This vulnerability can lead to full system compromise. An authenticated attacker can execute arbitrary commands on the server by injecting PHP code into template files, potentially gaining control over the affected system. This can result in unauthorized access, data theft, service disruption, or further attacks launched from the compromised server. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for authenticated POST requests to the template editing endpoint that include PHP code injection attempts. One approach is to check web server logs for POST requests to the template save action containing suspicious PHP code, especially code using exec() or reverse shell commands. Additionally, you can attempt to log in with valid credentials and inspect the template editing page for unexpected changes or injected PHP code. Since the exploit involves sending POST requests with a valid CSRF token, automated scripts can be used to detect abnormal template modifications. Specific commands are not provided, but reviewing web server access logs (e.g., using grep for POST requests to template endpoints) and scanning template files for injected PHP code can help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the template editing functionality to only highly trusted users, ensuring strong authentication and session management to prevent unauthorized access, and monitoring for suspicious activity related to template file modifications. Applying any available patches or updates from CMSimple is recommended. Additionally, disabling or restricting the ability to inject PHP code via the template editor, if possible, can reduce risk. Implementing Web Application Firewall (WAF) rules to detect and block malicious POST requests containing PHP code payloads targeting the template editing endpoint can also help mitigate exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47735. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart