PT-2024-23728 · Candycms · Candycms
Published
2024-04-07
·
Updated
2024-08-01
·
CVE-2024-31022
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CandyCMS version 1.0.0
Description
An issue was discovered in CandyCMS, allowing remote attackers to execute arbitrary code via the
install.php component.Recommendations
For CandyCMS version 1.0.0, consider disabling access to the
install.php component until a patch is available.Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Candycms