CVE-2018-16731

Name of the Vulnerable Software and Affected Versions CScms version 4.1

Description The issue allows for arbitrary file upload. This can be achieved by modifying the default filetype list, which includes gif, jpg, and png, to accept other file types, such as php. An attacker can then specify a .php pathname within fileurl JSON data to upload malicious files.

Recommendations For CScms version 4.1, restrict the file types that can be uploaded to prevent arbitrary file upload. As a temporary workaround, consider disabling the file upload feature until a patch is available. Avoid using the fileurl JSON data to upload files with potentially malicious extensions, such as .php, until the issue is resolved.