Mosaaed

**Name of the Vulnerable Software and Affected Versions** Victor CMS version 1.0 **Description** Victor CMS version 1.0 has a file upload issue. Authenticated users can upload malicious PHP files through the profile image upload feature. An attacker can upload a PHP shell to the `/img` directory and execute system commands by accessing the uploaded file through a web browser. The vulnerable feature is the profile image upload functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.