Primary

Context

Connect-CMS Code Study Plugin Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability allowing arbitrary code execution has been identified in the Code Study Plugin of Connect-CMS. This issue affects authenticated users and is present in the 1.x series versions prior to 1.41.0, as well as in the 2.x series versions prior to 2.41.0. The vulnerability arises from insufficient validation, which could be exploited to execute unintended code on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server, with potential for information disclosure.

Remediation

Users should update to version 1.41.1 or later for the 1.x series, and to version 2.41.1 or later for the 2.x series.

Added: Mar 23, 2026, 10:37 PM

Updated: Mar 23, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.9

remediation

0.0

relevance

4.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.9

remediation

0.0

relevance

4.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Connect-CMS Code Study Plugin Arbitrary Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating