4Site · 4Site Cms · CVE-2009-0646
**Name of the Vulnerable Software and Affected Versions**
4Site CMS versions 2.6 and earlier
**Description**
SQL injection in several request parameters allows remote attackers to execute arbitrary SQL commands. The affected parameters include `login` and `password` to the "pcgi/4site.pl" endpoint, `page` to "print/print.shtml", `s` and `i` to "portfolio/index.shtml", `h` to "hotel/index.php", `id` to "news/news1.shtml", and `th` to "faq/index.shtml".
**Recommendations**
If you run 4Site CMS version 2.6 or earlier, update to a version later than 2.6 to resolve the issue.
As a temporary workaround, consider restricting access to the affected endpoints, such as "pcgi/4site.pl", "print/print.shtml", "portfolio/index.shtml", "hotel/index.php", "news/news1.shtml", and "faq/index.shtml", until a patch is available.
Avoid using the vulnerable parameters `login`, `password`, `page`, `s`, `i`, `h`, `id`, and `th` in the respective endpoints until the issue is resolved.
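
While the workaround is in place, requests that still reach the listed endpoint and parameter pairs can be triaged from web server logs. The following is an added example, not code from 4Site or from this advisory; the endpoint map comes from the description above, while the pattern list, the function names and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint -> parameters, as listed in the advisory text.
AFFECTED = {
    "pcgi/4site.pl": {"login", "password"},
    "print/print.shtml": {"page"},
    "portfolio/index.shtml": {"s", "i"},
    "hotel/index.php": {"h"},
    "news/news1.shtml": {"id"},
    "faq/index.shtml": {"th"},
}

# Assumption: a small triage heuristic (quotes, statement separators, SQL
# comments, UNION/SELECT), not a complete SQL injection signature set.
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(?:union|select)\b", re.IGNORECASE)


def affected_params(target, body=""):
    """Return {param: [values]} for advisory-listed parameters of one request."""
    # body: optional form-encoded POST data; access logs usually omit it.
    parts = urlsplit(target)
    path = parts.path.lstrip("/")
    for endpoint, names in AFFECTED.items():
        if path == endpoint or path.endswith("/" + endpoint):
            fields = parse_qs(parts.query, keep_blank_values=True)
            for key, values in parse_qs(body, keep_blank_values=True).items():
                fields.setdefault(key, []).extend(values)
            return {k: v for k, v in fields.items() if k in names}
    return {}


def triage(target, body=""):
    """Return the listed parameters whose values contain SQL-like syntax."""
    hits = affected_params(target, body)
    return sorted(k for k, v in hits.items() if any(map(SUSPICIOUS.search, v)))


# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    ("/news/news1.shtml?id=42", ""),
    ("/news/news1.shtml?id=42%27", ""),
    ("/pcgi/4site.pl", "login=admin%27--&password=x"),
    ("/about.shtml?id=1%27", ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(target, "->", triage(target, body) or "no finding")
```

A finding marks a request for review, not a confirmed exploit attempt: legitimate `password` values can contain quote characters.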