Описание
File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.
EPSS
Процентиль: 88%
0.04112
Низкий
Дефекты
CWE-43
Связанные уязвимости
github
4 месяца назад
Melis Platform CMS Unauthenticated File Upload Leading to RCE
EPSS
Процентиль: 88%
0.04112
Низкий
Дефекты
CWE-43