CVE-2024-58284

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-58284
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58284.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58284
Published
2025-12-10T22:16:20.420Z
Modified
2026-03-15T22:49:50.932584Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.

References

Affected packages

Git / github.com/popojicms/popojicms

Affected ranges

Type
GIT
Repo
https://github.com/popojicms/popojicms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
07c36e2c8f2ecf27015d838d607db692385b53da
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.1"
        }
    ]
}

Affected versions

v2.*
v2.0.0
v2.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58284.json"