CVE-2018-18416

Name of the Vulnerable Software and Affected Versions LANGO Codeigniter Multilingual Script version 1.0

Description The issue concerns a security problem where an attacker can inject malicious code. Specifically, the site name parameter in the "admin/settings/update" API endpoint is vulnerable. This could potentially allow for malicious actions.

Recommendations For LANGO Codeigniter Multilingual Script version 1.0, as a temporary workaround, consider restricting access to the "admin/settings/update" API endpoint until a patch is available. Avoid using the site name parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.