PT-2017-7035 · Wolfcms · Wolf Cms

S0Nk3Y · Published 2017-04-14 · Updated 2017-09-17 · CVE-2015-6567

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Wolf CMS versions prior to 0.8.3.1

Description: The issue allows for unrestricted file upload and PHP code execution due to improper validation of the filename parameter in the file manager, accessible at the "admin/plugin/file manager/browse/" endpoint. This can be exploited by a registered user with upload access.

Recommendations: For versions prior to 0.8.3.1, update to version 0.8.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the file manager or disabling the upload functionality until the update can be applied.

Exploit · Fix · RCE


Related Identifiers

CVE-2015-6567

Affected Products

Wolf Cms