CVE-2026-4542

Name of the Vulnerable Software and Affected Versions SSCMS version 4.7.0

Description A path traversal issue exists in SSCMS. The issue is located in an unknown function within the LayerImageController.Submit.cs file of the layerImage component. Manipulation of the filePaths argument in the layerImage endpoint can lead to path traversal. The exploit has been publicly disclosed.

API Endpoints /layerImage

Vulnerable Parameters or Variables filePaths

Recommendations Update to a newer version of SSCMS that addresses this vulnerability. As a temporary workaround, restrict access to the LayerImageController.Submit.cs file or the layerImage endpoint until a patch is available.