CVE-2022-24651 · Vexday

CVE-2022-24651

EPSS 2.5%

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.hanayuzu.top/articles/37dacab4.html