CVE-2024-31022 Information

Description

An issue was discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component.

Reference

https://www.xuxblog.top/2024/03/25/CandyCMS-Pre-Auth-RCE/