CVE-2024-31011

Name of the Vulnerable Software and Affected Versions beescms version 4.0

Description The issue allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin template.php. This is an arbitrary file write vulnerability.

Recommendations For beescms version 4.0, update to a version where the file path isolation and suffix verification have been properly implemented in admin template.php to prevent arbitrary file writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.