Mrsolo404

**Name of the Vulnerable Software and Affected Versions** MaxSite CMS versions up to 109.1 **Description** A code injection issue exists in MaxSite CMS due to a flaw in the `eval` function within the file application/maxsite/admin/plugins/editor markitup/preview-ajax.php of the MarkItUp Preview AJAX Endpoint component. Remote attackers can exploit this to inject code. The exploit has been published and is potentially being used in attacks. **Recommendations** Upgrade MaxSite CMS to version 109.2 to resolve this issue.