Headline
GHSA-293v-5329-36wp: MCMS vulnerable to arbitrary code execution via crafted thumbnail
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
MCMS vulnerable to arbitrary code execution via crafted thumbnail
High severity GitHub Reviewed Published May 8, 2023 to the GitHub Advisory Database • Updated May 11, 2023
Related news
CVE-2020-22755: GitHub - ming-soft/MCMS: 完整开源!Java快速开发平台!基于Spring、SpringMVC、Mybatis架构,MStore提供更多好用的插件与模板(文章、商城、微信、论坛、会员、评论、支付、积分、工作流、任务调度等,同时提供上百套免费模板任意选择),价值源自分享!铭飞系统不仅一套简单好用的开源系统、更是一整套优质的开源生态内容体系。铭飞的使命就是降低开发成本提高开发效
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.