PT-2023-21925 · Joomla · Anymailing Joomla Plugin

Raphaël Arrouas +1 · Published 2023-03-30 · Updated 2023-04-06 · CVE-2023-28731

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0

Description

An unrestricted file upload allows PHP code injection, which leads to unauthenticated remote code execution when access to campaign creation is granted on the front-office.

Recommendations

For versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the campaign creation feature on the front-office to minimize the risk of exploitation. Avoid using the unrestricted file upload feature until the issue is resolved.

Exploit · Fix · RCE · Unrestricted File Upload


Related identifiers

CVE-2023-28731

Affected products

Anymailing Joomla Plugin