Para213

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to 2.0.6 Description Brave CMS, an open-source CMS, contains an unrestricted file upload issue in the CKEditor upload functionality. The issue resides in the `ckupload` method within the `app/Http/Controllers/Dashboard/CkEditorController.php` file. The method does not validate uploaded file types, relying solely on user input. This allows an authenticated user to upload executable PHP scripts, potentially leading to Remote Code Execution. Recommendations Update to version 2.0.6

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to 2.0.6 Description Brave CMS is an open-source CMS. Prior to version 2.0.6, a missing authorization check exists in the update role endpoint located at `/routes/web.php`. Specifically, the POST route `/rights/update-role/{id}` lacks the `checkUserPermissions:assign-user-roles` middleware. This allows any authenticated user to modify account roles and elevate privileges to Super Admin. Recommendations Update Brave CMS to version 2.0.6 or later.

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to 2.0.6 Description A flaw exists in the article image deletion feature of Brave CMS, specifically within the `deleteImage` method in `app/Http/Controllers/Dashboard/ArticleController.php`. The affected endpoint does not verify ownership of the image file received from the URL, allowing an authenticated user with edit permissions to delete images associated with articles owned by other users. This is an Insecure Direct Object Reference (IDOR) issue. Recommendations Update to version 2.0.6 or later.