PT-2024-27804 · Twcms · Twcms

Sylvieverykawaii · Published 2024-06-12 · Updated 2025-03-13 · CVE-2024-37878

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

TWCMS version 2.0.3

Description

The issue allows a remote attacker to execute arbitrary code. This is achieved via the "/TWCMS-gh-pages/twcms/runtime/twcms view/default,index.htm.php" endpoint, where PHP directly echoes parameters supplied from external sources.

Recommendations

For TWCMS version 2.0.3, consider disabling the direct echoing of parameters from external sources in the PHP code until a patch is available. Restrict access to the "/TWCMS-gh-pages/twcms/runtime/twcms view/default,index.htm.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-37878

Affected Products

Twcms