Arbitrary Code Execution via File Upload in MCMS v5.2.4 New Template Module

Arbitrary Code Execution via File Upload in MCMS v5.2.4 New Template Module

CVE-2022-22929 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

Learn more about our Cms Pen Testing.