4 matches found
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
Cockpit CMS v2.6.3 is vulnerable to arbitrary code execution via the Upload Asset function by uploading a crafted .shtml file to /assets/upload. The root cause is a missing ban of the .shtml extension in the forbiddenExtension list, allowing .shtml uploads that can execute server-side scripts. Th...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...