CVE-2023-1482

Name of the Vulnerable Software and Affected Versions HkCms version 2.2.4.230206

Description A problematic issue was found in the External Plugin Handler component, affecting an unknown part of the file /admin.php/appcenter/local.html?type=addon. This issue leads to code injection and can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For HkCms version 2.2.4.230206, as a temporary workaround, consider restricting access to the /admin.php/appcenter/local.html?type=addon endpoint until a patch is available. Additionally, restrict the use of the External Plugin Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.