CVE-2022-47186

Name of the Vulnerable Software and Affected Versions Generex CS141 versions prior to 2.06

Description The issue allows for an unrestricted upload of files, enabling an attacker to upload and/or delete any type of file without format restrictions or authentication in the "upload" directory. This vulnerability also facilitates a file upload XSS attack, where an attacker can upload a file containing HTML content, potentially leading to cross-site scripting.

Recommendations For versions prior to 2.06, update to version 2.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the "upload" directory to minimize the risk of exploitation. Avoid using the file upload feature in the affected versions until the issue is resolved.