Y7_0X

**Name of the Vulnerable Software and Affected Versions** code-projects Chamber of Commerce Membership Management System version 1.0 **Description** A flaw exists in the Chamber of Commerce Membership Management System that allows for command injection. This issue is located in the `fwrite` function within the `admin/pageMail.php` file. The `mailSubject` and `mailMessage` arguments can be manipulated to execute arbitrary commands. The attack can be initiated remotely, and an exploit is publicly available. **Recommendations** Versions prior to 1.0 are affected. As a temporary workaround, consider restricting access to the `admin/pageMail.php` file until a fix is available. Avoid using the `mailSubject` and `mailMessage` parameters in the affected file until the issue is resolved.