1 results (0.005 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. Una carga arbitraria de archivos en el componente (input type="file" name="user_image") de NewsOne CMS versión v1.1.0, permite a atacantes realizar un webshell y ejecutar comandos arbitrarios • https://cxsecurity.com/issue/WLB-2020010143 • CWE-434: Unrestricted Upload of File with Dangerous Type •