2 matches found
CVE-2022-23048
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...
CVE-2022-23048
CVE-2022-23048 affects Exponent CMS 2.6.0patch2. An authenticated admin can upload a ZIP extension containing a PHP file; the file is written to the server under themes/simpletheme/{rce}.php and can be accessed to execute commands. This is a post-auth file upload vulnerability enabling remote cod...