CVE-2026-5333

Source
https://cve.org/CVERecord?id=CVE-2026-5333
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5333.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5333
Published
2026-04-02T13:30:14.585Z
Modified
2026-07-15T01:48:57.701183973Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
DefaultFuction Content-Management-System tools.php command injection
Details

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-74",
        "CWE-77"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5333.json"
}
References

Affected packages

Git / github.com/defaultfuction/content-management-system

Affected ranges

Type
GIT
Repo
https://github.com/defaultfuction/content-management-system
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ],
    "cpe": "cpe:2.3:a:defaultfuction:content_management_system:1.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Affected versions

1.*
1.0
CMS1.*
CMS1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5333.json"