We1H0

**Name of the Vulnerable Software and Affected Versions** SiteServerCMS versions 5.X **Description** The issue is related to a Remote-download-Getshell-vulnerability. This vulnerability can be exploited via the "/SiteServer/Ajax/ajaxOtherService.aspx" API endpoint. **Recommendations** For SiteServerCMS version 5.X, consider restricting access to the "/SiteServer/Ajax/ajaxOtherService.aspx" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.