Hanayuzu

#13587 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2022-16774
9.8
2022-03-10
Sentcms · Sentcms · CVE-2022-24651
**Name of the Vulnerable Software and Affected Versions**
sentcms versions 4.0.x

**Description**
The issue allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through the "/user/upload/upload" API endpoint.

**Recommendations**
For sentcms versions 4.0.x, consider disabling the file upload feature or restricting access to the "/user/upload/upload" API endpoint until a patch is available.

PT-2022-16775
9.8
2022-03-10
Sentcms · Sentcms · CVE-2022-24652
**Name of the Vulnerable Software and Affected Versions**
sentcms versions 4.0.x

**Description**
The issue allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in the /admin/upload/upload endpoint.

**Recommendations**
For sentcms versions 4.0.x, consider disabling the file upload functionality in the /admin/upload/upload endpoint until a patch is available to prevent arbitrary file uploads and potential PHP code execution.