CVE-2021-37770
CVE-2021-37770 affects Nucleus CMS v3.71. The issue is a file upload vulnerability that bypasses the intended upload controls by enabling an Htaccess file to be written to an AddType mapping (application/x-httpd-php.jpg), allowing the uploaded image to be treated as PHP and execute commands. This...