Mcms
Monthly
Unrestricted file upload in mingSoft MCMS 6.1.1's template archive handler allows authenticated attackers with high privileges to upload arbitrary files via manipulation of the File parameter in /ms/file/uploadTemplate.do. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access and high-level authentication but could lead to remote code execution or system compromise.
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted file upload in mingSoft MCMS 6.1.1's template archive handler allows authenticated attackers with high privileges to upload arbitrary files via manipulation of the File parameter in /ms/file/uploadTemplate.do. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access and high-level authentication but could lead to remote code execution or system compromise.
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.