Vacury

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.4.1 **Description** The issue is related to a front-end file upload vulnerability in MCMS, which can lead to remote command execution. This allows an attacker to execute commands remotely. **Recommendations** For MCMS version 5.4.1, consider disabling the file upload feature as a temporary workaround until a patch is available. Restrict access to the file upload module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FastCMS versions up to 0.1.5 **Description** A vulnerability was found in the New Article Category Page component of FastCMS, affecting an unknown function. This issue leads to cross-site scripting and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For FastCMS versions up to 0.1.5, update to a version later than 0.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the New Article Category Page until a patch is available.