Insufficient Blacklisting in M-Files Web Companion: Remote Code Execution via Specific File Types

CVE-2023-5524 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types

Learn more about our Web App Pen Testing.