CVE-2023-1368

Name of the Vulnerable Software and Affected Versions XHCMS version 1.0

Description A critical issue has been found in the POST Parameter Handler component of the login.php file, where the manipulation of the user argument leads to SQL injection. This issue can be initiated remotely.

Recommendations For XHCMS version 1.0, consider restricting access to the login.php file or disabling the POST Parameter Handler component until a fix is available. Avoid using the user argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.