CVE-2021-20850

Summary

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.

Affected Software

VendorProductVersion RangeStatus
Alfasado Inc.PowerCMS XMLRPC APIPowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, PowerCMS 2 Series (End-of-Life, EOL)affected

Weaknesses

  • OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References