PT-2025-3402 · Classcms · Classcms
Refengso · Published 2025-02-03 · Updated 2025-02-04
CVE-2024-57099
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ClassCMS version 4.8
Description
ClassCMS version 4.8 contains a code execution vulnerability in the model management feature. By constructing a payload in the classview parameter, an attacker can execute arbitrary code and potentially take control of the server.
Recommendations
For ClassCMS version 4.8, consider disabling the model management feature or restricting access to the classview parameter until a patch is available. As a temporary workaround, avoid using the classview parameter in the model management feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Code Injection
Affected Products
Classcms