thinkcmf/thinkcmf vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is due to insufficient validation of file extensions during the upload process in UeditorController.php
. This flaw allows an attacker to execute arbitrary code via uploaded malicious files.
CPE | Name | Operator | Version |
---|---|---|---|
thinkcmf/thinkcmf | le | v6.0.9 | |
thinkcmf/thinkcmf | le | v6.0.9 |