Description
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
Remediation
References
https://www.exploit-db.com/exploits/51564
Related Vulnerabilities
CVE-2020-14340 Vulnerability in maven package org.jboss.xnio:xnio-api
CVE-2020-10591 Vulnerability in maven package com.walmartlabs.concord.server:concord-server
CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-web
CVE-2023-25827 Vulnerability in maven package net.opentsdb:opentsdb
CVE-2020-36186 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind