Description

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.

Remediation

References

https://github.com/payloadcms/payload

https://www.youtube.com/watch?v=6CfhAxA3xdQ

Related Vulnerabilities

CVE-2018-1000665 Vulnerability in maven package org.webjars.npm:dojo

CVE-2016-8741 Vulnerability in maven package org.apache.qpid:qpid-broker-core

CVE-2019-10429 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-logo

CVE-2023-34840 Vulnerability in npm package angular-ui-notification

CVE-2023-47325 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

Severity

Critical

Classification

CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory Exploit