Dat2Phit

**Name of the Vulnerable Software and Affected Versions** AquilaCMS version 1.412.13 **Description** A critical issue affects some unknown functionality of the file /api/v2/categories. The manipulation of the `PostBody.populate` argument leads to deserialization. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For AquilaCMS version 1.412.13, as a temporary workaround, consider restricting access to the `/api/v2/categories` endpoint until a patch is available. Avoid using the `PostBody.populate` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.