CVE-2019-9829

Name of the Vulnerable Software and Affected Versions Maccms version 10

Description The issue allows remote attackers to execute arbitrary PHP code by entering this code in a template/default pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.

Recommendations For Maccms version 10, consider restricting access to the template rendering functionality to minimize the risk of exploitation. As a temporary workaround, avoid using the template/default pc/html/art Edit action until a patch is available.