Shamrue

**Name of the Vulnerable Software and Affected Versions** hansunCMS version 1.4.3 **Description** A critical issue affects the /ueditor/net/controller.ashx?action=catchimage file, leading to unrestricted upload. The attack can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For version 1.4.3, consider restricting access to the /ueditor/net/controller.ashx?action=catchimage endpoint until a fix is available. As a temporary workaround, disabling the upload functionality in this endpoint may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.