CVE-2018-6518

Name of the Vulnerable Software and Affected Versions Composr CMS version 10.0.13

Description The issue concerns a security problem where an attacker can inject malicious code. This is achieved by manipulating the site name parameter in a specific request to the '/adminzone/index.php' API endpoint, specifically when the request is for 'page=admin-setupwizard&type=step3'.

Recommendations For Composr CMS version 10.0.13, avoid using the site name parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the '/adminzone/index.php' endpoint to minimize the risk of exploitation.