The plugin does not use a sufficiently unique cryptographic signature in its cmsc_add_site feature, which could allow unauthenticated users to update the _cmsc_public_key settings when the plugin has not been configured yet, and gain access to the plugin’s remote control features, such as creating an administrator access URL.
CPE

Name | Operator | Version |
---|---|---|
cms-commander-client | lt | 2.288 |