Twill Cms
Monthly
Unrestricted file upload in AREA 17 Twill CMS (versions up to 3.6.0) allows authenticated admin users to upload arbitrary file types via the `qqfilename` parameter in the Media Library Insert Page, creating a direct path to remote code execution on the underlying server. A public proof-of-concept documenting the full exploitation chain from file upload to RCE has been published by Bytium. No vendor patch exists - the vendor was contacted during responsible disclosure and did not respond, leaving all installations on affected versions without an official remediation path.
Unrestricted file upload in AREA 17 Twill CMS (versions up to 3.6.0) allows authenticated admin users to upload arbitrary file types via the `qqfilename` parameter in the Media Library Insert Page, creating a direct path to remote code execution on the underlying server. A public proof-of-concept documenting the full exploitation chain from file upload to RCE has been published by Bytium. No vendor patch exists - the vendor was contacted during responsible disclosure and did not respond, leaving all installations on affected versions without an official remediation path.