CVE-2021-36432

Name of the Vulnerable Software and Affected Versions jocms version 0.8

Description The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the jo set mask() function in jocms/apps/mask/mask.php.

Recommendations For jocms version 0.8, consider disabling the jo set mask() function as a temporary workaround until a patch is available. Restrict access to the mask.php file in the jocms/apps/mask directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.