2 matches found
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...
CVE-2022-24652
CVE-2022-24652 affects SentCMS 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the unauthorized file upload interface at /admin/upload/upload, enabling remote attackers to upload arbitrary files and achieve PHP code execution. The NVD reports a high-severity impact (...