Description
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
Remediation
References
https://github.com/payloadcms/payload
https://www.youtube.com/watch?v=6CfhAxA3xdQ
Related Vulnerabilities
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2019-8331 Vulnerability in maven package org.webjars.npm:bootstrap
CVE-2022-28156 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest
CVE-2022-37734 Vulnerability in maven package com.graphql-java:graphql-java
CVE-2018-10936 Vulnerability in maven package org.postgresql:postgresql