PT-2026-22504 · Unknown+1 · Maxsite Cms+1

Mrsolo404

Publicado

2026-03-01

Atualizado

2026-03-06

CVE-2026-3395

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions up to 109.1

Description A code injection issue exists in MaxSite CMS due to a flaw in the eval function within the file application/maxsite/admin/plugins/editor markitup/preview-ajax.php of the MarkItUp Preview AJAX Endpoint component. Remote attackers can exploit this to inject code. The exploit has been published and is potentially being used in attacks.

Recommendations Upgrade MaxSite CMS to version 109.2 to resolve this issue.

Correção

Code Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-74

Identificadores relacionados

CVE-2026-3395

Produtos afetados

Markitup

Maxsite Cms

PT-2026-22504 · Unknown+1 · Maxsite Cms+1

CVE-2026-3395

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15