Lyc

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** The issue is related to an arbitrary file upload vulnerability in the /ms/file/uploadTemplate.do component, which allows attackers to execute arbitrary code. **Recommendations** For MCMS version 5.2.4, consider restricting access to the /ms/file/uploadTemplate.do endpoint until a patch is available. As a temporary workaround, disabling the file upload functionality in this component may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** An arbitrary file deletion issue was found in the /template/unzip.do component, allowing for potential file deletion. **Recommendations** For version 5.2.4, consider restricting access to the /template/unzip.do component until a fix is available.