Unauthenticated Remote Code Execution Vulnerability in AnyMailing Joomla Plugin
CVE-2023-28731 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
Learn more about our Cis Benchmark Audit For Microsoft Office.