CVE-2021-27230

Name of the Vulnerable Software and Affected Versions: ExpressionEngine versions prior to 5.4.2 ExpressionEngine versions 6.x prior to 6.0.3

Description: The issue allows PHP code injection by certain authenticated users who can leverage Translate::save() to write to an lang.php file under the system/user/language directory. This can be exploited by authenticated users.

Recommendations: For ExpressionEngine versions prior to 5.4.2, update to version 5.4.2 or later. For ExpressionEngine versions 6.x prior to 6.0.3, update to version 6.0.3 or later. As a temporary workaround, consider restricting access to the Translate::save() function until a patch is available.