{"id":"CVE-2021-46360","details":"Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.","modified":"2026-03-14T11:18:35.496372Z","published":"2022-02-09T14:15:07.847Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/171489/Composr-CMS-10.0.39-Remote-Code-Execution.html"},{"type":"EVIDENCE","url":"https://github.com/sartlabs/0days/blob/main/Composr-CMS/Exploit.py"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/composr-foundation/composr","events":[{"introduced":"0"},{"last_affected":"78ee527054a8bf49b7ebc7d734582fb1757c36a5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0.39"}]}}],"versions":["10","10.0.1","10.0.10","10.0.11","10.0.12","10.0.13","10.0.14","10.0.15","10.0.16","10.0.17","10.0.18","10.0.19","10.0.2","10.0.20","10.0.21","10.0.22","10.0.23","10.0.24","10.0.25","10.0.26","10.0.27","10.0.28","10.0.29","10.0.3","10.0.30","10.0.31","10.0.32","10.0.33","10.0.34","10.0.35","10.0.36","10.0.37","10.0.39","10.0.4","10.0.5","10.0.6","10.0.7","10.0.8","10.0.9","10.RC1","10.RC10","10.RC11","10.RC12","10.RC13","10.RC14","10.RC15","10.RC16","10.RC17","10.RC18","10.RC19","10.RC2","10.RC20","10.RC21","10.RC22","10.RC23","10.RC24","10.RC25","10.RC27","10.RC28","10.RC29","10.RC3","10.RC3-2","10.RC30","10.RC31","10.RC32","10.RC33","10.RC4","10.RC5","10.RC7","10.RC8","10.RC9","10.beta2","10.beta3","10.beta4","10.beta5","10beta1","beta1_rerelease"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46360.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}