A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
{
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-74",
"CWE-77"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5333.json"
}{
"source": [
"AFFECTED_FIELD",
"CPE_STRING"
],
"cpe": "cpe:2.3:a:defaultfuction:content_management_system:1.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.0"
},
{
"last_affected": "1.0"
}
]
}