CVE-2022-28525

Name of the Vulnerable Software and Affected Versions ED01-CMS version v20180505

Description The issue is related to an arbitrary file upload vulnerability. This vulnerability can be exploited via the /admin/users.php?source=edit user&id=1 endpoint, allowing unauthorized file uploads.

Recommendations For ED01-CMS version v20180505, as a temporary workaround, consider disabling the file upload functionality in the /admin/users.php endpoint until a patch is available. Restrict access to the id parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.