Faizzaidi

**Name of the Vulnerable Software and Affected Versions** Composr CMS version 10.0.13 **Description** The issue concerns a security problem where an attacker can inject malicious code. This is achieved by manipulating the `site name` parameter in a specific request to the '/adminzone/index.php' API endpoint, specifically when the request is for 'page=admin-setupwizard&type=step3'. **Recommendations** For Composr CMS version 10.0.13, avoid using the `site name` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the '/adminzone/index.php' endpoint to minimize the risk of exploitation.