3 matches found
Privilege escalation
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-42154
CVE-2022-42154 involves an arbitrary file upload vulnerability in the 74cmsSE web app, specifically the "/apiadmin/upload/attach" endpoint. A crafted PHP file can be uploaded, enabling attackers to achieve arbitrary code execution on v3.13.0. The CVSS v3.1 score is 9.8 (CRITICAL) with network att...
CVE-2022-42154
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...