PT-2023-20796 · Mccms · Mccms
Nkingpp · Published 2023-04-28 · Updated 2025-01-31 · CVE-2023-26781
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected software and versions: mccms 2.6

Description: Mccms 2.6 contains a SQL injection vulnerability in the Author Center -> Reader Comments -> Search function. A remote attacker who can reach that search form can execute arbitrary SQL against the application database by submitting crafted search input. The published advisory does not name the request endpoint or the injectable parameter; the weakness is the usual one of untrusted search text reaching an SQL query without parameterisation or escaping. The CVSS vector records no privileges required (PR:N), but whether the Author Center is reachable without a registered author account is not stated, so deployments should check this for their own installation.

Recommendations: No fixed version is referenced in the advisory. Until a patch is available, restrict access to the Author Center -> Reader Comments -> Search function (for example with access control at the web server or application level) and avoid using the Reader Comments search. Where the source is available, the durable fix is to bind the search term as a query parameter rather than concatenating it into the SQL string.
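The advisory does not show the affected code, so the following is an added illustration, not Mccms code: a minimal "reader comments" search written the way the description implies (search text concatenated into SQL) beside a parameterised version. The table names, columns, sample rows and the admin hash are all constructed for the example; the payload demonstrates how a comment-search field that is pasted into a LIKE clause lets the attacker read a different table.

```python
import sqlite3

# Constructed sample data standing in for the real schema (hypothetical,
# not the Mccms tables). The password hash is a made-up constant.
COMMENTS = [
    (1, "alice", "Great chapter!"),
    (2, "bob", "Typo in paragraph 3"),
    (3, "carol", "Loved the ending"),
]
ADMIN_ROW = ("admin", "5f4dcc3b5aa765d61d8327deb882cf99")


def setup_db() -> sqlite3.Connection:
    """Build an in-memory database with a comments table and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE comments (id INTEGER, author TEXT, body TEXT);
        CREATE TABLE users (name TEXT, pwhash TEXT);
        """
    )
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)", COMMENTS)
    conn.execute("INSERT INTO users VALUES (?, ?)", ADMIN_ROW)
    return conn


def search_vulnerable(conn: sqlite3.Connection, keyword: str) -> list:
    """The injection pattern: untrusted search text pasted straight into SQL."""
    sql = f"SELECT id, author, body FROM comments WHERE body LIKE '%{keyword}%'"
    return conn.execute(sql).fetchall()


def search_hardened(conn: sqlite3.Connection, keyword: str) -> list:
    """Parameterised search: the keyword is bound as data, never parsed as SQL.

    LIKE wildcards in the user's text are escaped as well, so a user cannot
    turn a narrow search into a table dump with a bare '%'.
    """
    escaped = (
        keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    sql = "SELECT id, author, body FROM comments WHERE body LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (f"%{escaped}%",)).fetchall()


# A search term that closes the LIKE literal and UNIONs in the users table.
INJECTION_PAYLOAD = "x%' UNION SELECT 1, name, pwhash FROM users --"


def demo() -> dict:
    """Run both searches with a normal term and with the injection payload."""
    conn = setup_db()
    return {
        "normal_vulnerable": search_vulnerable(conn, "chapter"),
        "normal_hardened": search_hardened(conn, "chapter"),
        "payload_vulnerable": search_vulnerable(conn, INJECTION_PAYLOAD),
        "payload_hardened": search_hardened(conn, INJECTION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable search the payload returns the admin row from the users table; against the parameterised search the same text is treated as a literal comment body and matches nothing, while ordinary keywords behave identically in both.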

Weakness Enumeration: SQL injection
Related Identifiers: CVE-2023-26781
Affected Products: Mccms