CVE-2021-35290

Name of the Vulnerable Software and Affected Versions balerocms-src version 0.8.3

Description The issue allows remote attackers to run arbitrary code via a rich text editor on the "/admin/main/mod-blog" page. This is a result of a File Upload vulnerability.

Recommendations For balerocms-src version 0.8.3, consider disabling the rich text editor feature on the /admin/main/mod-blog page until a patch is available. Restrict access to this page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.