CVE-2021-26739

Name of the Vulnerable Software and Affected Versions millken doyocms version 2.3

Description The issue allows attackers to execute arbitrary code via the attribute parameter in the pay.php file. This is a SQL Injection vulnerability, which means an attacker can inject malicious SQL code to manipulate the database.

Recommendations For millken doyocms version 2.3, consider restricting access to the pay.php file until a patch is available. As a temporary workaround, avoid using the attribute parameter in the pay.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.