Description

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.

Remediation

References

https://gitee.com/mingSoft/MCMS/issues/I56AID

Related Vulnerabilities

CVE-2023-36477 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ckeditor-ui

CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js

CVE-2022-41879 Vulnerability in npm package parse-server

CVE-2021-32770 Vulnerability in npm package gatsby-source-wordpress

CVE-2020-10689 Vulnerability in maven package org.eclipse.che.infrastructure:infrastructure-kubernetes

Severity

Critical

Classification

CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory