CVE-2021-20850

Name of the Vulnerable Software and Affected Versions: PowerCMS versions 5.19 and earlier PowerCMS versions 4.49 and earlier PowerCMS versions 3.295 and earlier PowerCMS 2 Series (End-of-Life, EOL)

Description: The PowerCMS XMLRPC API allows a remote attacker to execute an arbitrary OS command via unspecified vectors. This issue affects multiple versions of PowerCMS, including 5.19 and earlier, 4.49 and earlier, 3.295 and earlier, and the PowerCMS 2 Series, which is End-of-Life.

Recommendations: For PowerCMS versions 5.19 and earlier, update to a version later than 5.19 to resolve the issue. For PowerCMS versions 4.49 and earlier, update to a version later than 4.49 to resolve the issue. For PowerCMS versions 3.295 and earlier, update to a version later than 3.295 to resolve the issue. For PowerCMS 2 Series, since it is End-of-Life, consider upgrading to a supported version of PowerCMS to mitigate the risk. As a temporary workaround, consider disabling the XMLRPC API until a patch is available.