CVE-2020-18746

Name of the Vulnerable Software and Affected Versions: AiteCMS version 1.0

Description: The issue allows remote attackers to execute arbitrary code via the component "aitecms/login/diy list.php". This is a SQL Injection issue, which can be exploited by attackers to execute arbitrary code.

Recommendations: For AiteCMS version 1.0, consider disabling the "diy list.php" component in the "aitecms/login" directory until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.