Remote Command Execution (RCE) Vulnerability in CMS Made Simple v2.2.15 via Upload Avatar Function

Remote Command Execution (RCE) Vulnerability in CMS Made Simple v2.2.15 via Upload Avatar Function

CVE-2022-23906 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

Learn more about our Web Application Penetration Testing UK.