F1Shhop

**Name of the Vulnerable Software and Affected Versions** BigTree CMS version 4.2.23 **Description** The issue allows remote authenticated users with privileges to set hooks to execute arbitrary code. This is achieved via the "/core/admin/auto-modules/forms/process.php" API endpoint. **Recommendations** For BigTree CMS version 4.2.23, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.