CVE-2022-45338

The CVE-2022-45338 issue affects Exact Synergy Enterprise 267 (pre-267SP13) and 500 (pre-500SP6). It is an arbitrary file upload vulnerability in the profile picture upload function that permits executing arbitrary code via a crafted SVG file. Affected component: profile picture upload handler; r...