PT-2022-27675 · Unknown · Planet Estream

Published: 2022-12-25 · Updated: 2023-01-04 · CVE-2022-45896

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Planet eStream versions prior to 6.72.10.07

Description

The issue allows unauthenticated upload of arbitrary files, which can lead to remote code execution. This can be achieved through "Choose a Video / Related Media or Upload Document" or by utilizing "Upload2.ashx" or "Ajax.asmx/ProcessUpload2".

Recommendations

For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Upload2.ashx" and "Ajax.asmx/ProcessUpload2" endpoints until a patch is applied.
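
To check whether the two endpoints named above received upload requests before the update or access restriction was in place, web server logs can be reviewed. The following is an added example, not part of the advisory or the vendor's tooling; it assumes the server writes IIS W3C extended logs with the `cs-method`, `cs-uri-stem`, `c-ip` and `sc-status` fields enabled, and the sample log lines are constructed.

```python
from collections import defaultdict

# Endpoints named in the advisory, lower-cased because IIS paths are case-insensitive.
WATCHED = ("/upload2.ashx", "/ajax.asmx/processupload2")

# Constructed sample in IIS W3C extended format; paths and IPs are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2022-12-20 10:01:02 GET /Default.aspx - 192.0.2.10 200
2022-12-20 10:01:05 POST /Upload2.ashx - 198.51.100.7 200
2022-12-20 10:01:09 POST /Ajax.asmx/ProcessUpload2 - 198.51.100.7 200
2022-12-20 10:02:00 POST /UPLOAD2.ASHX - 203.0.113.5 403
2022-12-20 10:03:00 GET /Upload2.ashx - 192.0.2.10 405
"""

def find_upload_posts(log_text):
    """Return POST requests to the watched endpoints as a list of dicts."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # truncated or malformed row
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "").lower()
        # endswith() also matches when the application sits under a sub-path.
        if row.get("cs-method") == "POST" and stem.endswith(WATCHED):
            hits.append(row)
    return hits

def summarize(hits):
    """Group hits by client IP -> list of (timestamp, path, status)."""
    by_ip = defaultdict(list)
    for h in hits:
        by_ip[h.get("c-ip", "?")].append(
            (f"{h.get('date')} {h.get('time')}", h["cs-uri-stem"], h.get("sc-status")))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, events in summarize(find_upload_posts(SAMPLE_LOG)).items():
        print(ip, events)
```

A 403 on these paths after the workaround is applied indicates the restriction is taking effect; 200 responses from unexpected client addresses are the entries to follow up.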

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-45896

Affected Products

Planet Estream