PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.4%