CVE-2021-36547

Name of the Vulnerable Software and Affected Versions Mara version 7.5

Description A remote code execution issue in the /codebase/dir.php?type=filenew component allows attackers to execute arbitrary commands via a crafted PHP file.

Recommendations For Mara version 7.5, consider disabling the /codebase/dir.php?type=filenew component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary command execution. Avoid using crafted PHP files in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.