CVE-2021-46360

Name of the Vulnerable Software and Affected Versions Composr-CMS versions 10.0.39 and earlier

Description The issue allows remote attackers to execute arbitrary code via uploading a PHP shell through the "/adminzone/index.php?page=admin-commandr" API endpoint. This enables attackers to perform authenticated remote code execution.

Recommendations For Composr-CMS versions 10.0.39 and earlier, as a temporary workaround, consider restricting access to the "/adminzone/index.php?page=admin-commandr" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.