File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| melisplatform/melis-cms-slider(Packagist) | 0 | 5.3.1 | N/A |
CVSS Metrics
