Headline
GHSA-38vf-35cg-m73w: Cockpit CMS arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.
Cockpit CMS arbitrary file upload vulnerability
Moderate severity GitHub Reviewed Published Sep 9, 2023 to the GitHub Advisory Database • Updated Sep 11, 2023
Related news
CVE-2023-41564: Mitre_opensource_report/CockpitCMS-StoredXSS.md at main · LongHair00/Mitre_opensource_report
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.