CVE-2021-44978

Name of the Vulnerable Software and Affected Versions iCMS versions 8.0.0 and earlier

Description The issue allows users to add and render a custom template, which has a Server-Side Template Injection (SSTI) vulnerability. This vulnerability can cause remote code execution.

Recommendations For versions 8.0.0 and earlier, update to a version later than 8.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the template rendering functionality until a patch is available.