CVE-2024-58284

Sažetak

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.

Reference

https://github.com/PopojiCMS/PopojiCMS
https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip
https://www.exploit-db.com/exploits/52022
https://www.popojicms.org/
https://www.vulncheck.com/advisories/popojicms-remote-command-execution-via-authenticated-metadata-settings
https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip

CVSS

Base:	7.2
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

19-12-2025 - 17:42

Objavljeno

10-12-2025 - 22:16