CVE-2024-58284
PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
10 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
PopojiCMS · PopojiCMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →