2 matches found
Arbitrary Code Execution
melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files: the mcsdetail_img parameter of the saveDetailsForm endpoint accepts malicious file uploads, which attackers can exploit to upload executable...
CVE-2025-10353
CVE-2025-10353 is an RCE via unrestricted file upload in Melis Technology's Melis Platform, specifically the melis-cms-slider module. A crafted POST to /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm uploading via the mcsdetail_img parameter can allow an attacker to place and execute ...