Axublog
Monthly
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.