Bebe

**Name of the Vulnerable Software and Affected Versions** publiccms versions V4.0.202302.e and before **Description** The issue concerns an Any File Upload vulnerability via the `publiccms/admin/cmsTemplate/saveMetaData` endpoint. This allows unauthorized file uploads, potentially leading to security breaches. The estimated number of affected devices and real-world incidents are not specified. **Recommendations** For publiccms versions V4.0.202302.e and before, consider upgrading to the latest version to mitigate the vulnerability. As a temporary workaround, restrict access to the `publiccms/admin/cmsTemplate/saveMetaData` endpoint to minimize the risk of exploitation.