CVE-2017-15872

Name of the Vulnerable Software and Affected Versions phpwcms version 1.8.9

Description The issue concerns a problem with user input validation, allowing for malicious code execution. Specifically, it affects the username field, also known as new login. This can be exploited in certain templates, notably include/inc tmpl/admin.edituser.tmpl.php and include/inc tmpl/admin.newuser.tmpl.php.

Recommendations For phpwcms version 1.8.9, consider validating and sanitizing user input in the username field to prevent malicious code execution. As a temporary workaround, restrict access to the affected templates until a proper fix is applied.