CVE-2021-44937

Name of the Vulnerable Software and Affected Versions: glFusion CMS version 1.7.9

Description: The issue allows for arbitrary user registration, where an attacker can register using the mailbox of any existing user. This can lead to a situation where legitimate users find their mailbox already occupied when attempting to register. The vulnerability is specifically located in the /public html/users.php file.

Recommendations: For glFusion CMS version 1.7.9, as a temporary workaround, consider restricting access to the /public html/users.php file until a patch is available. Additionally, monitor user registration activity closely to detect and mitigate any potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.