CVE-2020-21651

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Myucms version 2.2.1

Description: The issue is related to a remote code execution (RCE) vulnerability in the controllerpoint.php component. This vulnerability can be exploited via the add() method.

Recommendations: For Myucms version 2.2.1, consider disabling the add() method in the controllerpoint.php component as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-21651

Affected Products

Muyucms

CVE-2020-21651

Weakness Enumeration

Related Identifiers

Affected Products

References · 4