CVE-2023-1482 – HkCms External Plugin code injection

https://notcve.org/view.php?id=CVE-2023-1482

18 Mar 2023 — A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. • https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD • CWE-94: Improper Control of Generation of Code ('Code Injection') •