An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.
[
{
"cpes": [
"cpe:2.3:a:skycaiji:skycaiji:2.8:*:*:*:*:*:*:*"
],
"vendor": "skycaiji",
"product": "skycaiji",
"versions": [
{
"status": "affected",
"version": "2.8"
}
],
"defaultStatus": "unknown"
}
]