CVE-2019-11568

Name of the Vulnerable Software and Affected Versions AikCms version 2.0

Description A file upload issue was discovered, allowing potential execution of PHP code. This can be achieved by sending a request to the "admin/page/system/nav.php" endpoint with a .php file and the application/octet-stream content type.

Recommendations For AikCms version 2.0, consider restricting file uploads to only necessary and validated file types to minimize the risk of exploitation. As a temporary workaround, restrict access to the "admin/page/system/nav.php" endpoint until a patch is available.