CVE-2022-30037

Name of the Vulnerable Software and Affected Versions XunRuiCMS versions 4.3.3 through 4.5.1

Description The issue allows attackers to execute arbitrary PHP code via the add function in cron.php. This is made possible by the vulnerability to PHP file write and CMS PHP file inclusion.

Recommendations For versions 4.3.3 through 4.5.1, as a temporary workaround, consider disabling the add function in cron.php until a patch is available. Restrict access to the cron.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.