4 matches found
CVE-2022-23315
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...
Internet Bug Bounty: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
A vulnerability was discovered in the HTTP request parsing of Node.js version 18.7.0 that allowed header fields to be incorrectly handled without carriage return line feed termination, enabling potential HTTP request smuggling...
CVE-2022-23315
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...
CVE-2022-23315
MCMS v5.2.4 is affected by an arbitrary file upload vulnerability in the component /ms/template/writeFileContent.do. The root cause, as described across connected sources, is insufficient validation/filtration of uploaded file types, enabling attackers to upload arbitrary files. This impacts conf...