5 matches found

NVD
added 2026/06/05 7:16 p.m. · 10 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVSS 8.7 · EPSS 0.00223
Exploits: 0 · References: 1

EUVD
added 2026/06/05 6:20 p.m. · 9 views

EUVD-2026-34883

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVSS 8.7 · AI score 5.5 · EPSS 0.01036
Exploits: 3 · References: 1

CNNVD
added 2026/06/05 12:0 a.m. · 4 views

HAX Security Vulnerability

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the saveFile endpoint’s validation mechanism, which does not distinguish between uppercase and lowercase file extensions...

CVSS 8.7 · AI score 5.4 · EPSS 0.00223
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/21 12:0 a.m. · 7 views

PT-2025-7572 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .jsp file to the "/file/savefile.do" API endpoint. This is made possible by an arbitrary file upload vulnerability in the component...

CVSS 4.8 · AI score 7.7 · EPSS 0.00296
Exploits: 1 · References: 5

Positive Technologies
added 2023/02/24 12:0 a.m. · 3 views

PT-2023-19465 · Urule · Urule

Name of the Vulnerable Software and Affected Versions: urule version 2.1.7 Description: An XML External Entity (XXE) issue allows attackers to execute arbitrary code by uploading a crafted XML file to the "/urule/common/saveFile" API endpoint. This is achieved by exploiting the saveFile...

CVSS 9.8 · AI score 9.7 · EPSS 0.01192
Exploits: 1 · References: 5