A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
[
{
"product": "Jcow CMS",
"vendor": "Jcow",
"versions": [
{
"status": "affected",
"version": "4.x to 4.2 and 5.x to 5.2"
}
]
}
]