Arbitrary Command Execution via CSRF in EyouCMS v1.6.2 Upload Software Format Function

Arbitrary Command Execution via CSRF in EyouCMS v1.6.2 Upload Software Format Function

CVE-2023-31708 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.

Learn more about our Cms Pen Testing.