Unauthenticated Remote Code Execution Vulnerability in AnyMailing Joomla Plugin

Unauthenticated Remote Code Execution Vulnerability in AnyMailing Joomla Plugin

CVE-2023-28731 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.

Learn more about our Cis Benchmark Audit For Microsoft Office.