CVE-2020-18048

Name of the Vulnerable Software and Affected Versions: CraigMS version 1.0

Description: An issue in craigms/main.php allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.

Recommendations: For CraigMS version 1.0, consider restricting access to the craigms/main.php file until a patch is available. As a temporary workaround, avoid using the DB Name field with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.