CVE-2018-7486

Name of the Vulnerable Software and Affected Versions Blue River Mura CMS versions prior to 7.0.7029

Description The issue allows remote attackers to execute arbitrary code via a specific approach using an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames. This can be exploited in conjunction with a feature that allows file upload, potentially leading to the execution of arbitrary ColdFusion Markup Language code.

Recommendations For versions prior to 7.0.7029, update to version 7.0.7029 or later to resolve the issue. As a temporary workaround, consider restricting file uploads and disabling the use of [m] tags until a patch is applied. Restrict access to the CKFinder feature to minimize the risk of exploitation.