Ckeditor · Ckeditor · CVE-2023-46694
**Name of the Vulnerable Software and Affected Versions**
Vtenext version 21.02
**Description**
The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.
**Recommendations**
For Vtenext version 21.02, consider restricting access to the Ckeditor file manager functionality until a patch is available, and ensure proper authentication controls are enforced to prevent arbitrary file uploads.