CVE-2021-46384

Name of the Vulnerable Software and Affected Versions MCMS versions 5.2.5 and earlier

Description The issue allows an unauthenticated attacker with network access via http to compromise MCMS, resulting in the takeover of MCMS. The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. This is a pre-auth RCE vulnerability that enables the execution of arbitrary code remotely.

Recommendations For MCMS versions 5.2.5 and earlier, as a temporary workaround, consider restricting access to the Execute function in the freemarker template utility to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.