Sylvieverykawaii

**Name of the Vulnerable Software and Affected Versions** TWCMS version 2.0.3 **Description** The issue allows a remote attacker to execute arbitrary code. This is achieved via the "/TWCMS-gh-pages/twcms/runtime/twcms view/default,index.htm.php" endpoint, where PHP directly echoes parameters input from external sources, specifically the `parameters input from external sources`. **Recommendations** For TWCMS version 2.0.3, consider disabling the direct echoing of parameters from external sources in the PHP code until a patch is available. Restrict access to the "/TWCMS-gh-pages/twcms/runtime/twcms view/default,index.htm.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.