CVE-2023-2245

Name of the Vulnerable Software and Affected Versions hansunCMS version 1.4.3

Description A critical issue affects the /ueditor/net/controller.ashx?action=catchimage file, leading to unrestricted upload. The attack can be initiated remotely. The issue has been publicly disclosed and may be exploited.

Recommendations For version 1.4.3, consider restricting access to the /ueditor/net/controller.ashx?action=catchimage endpoint until a fix is available. As a temporary workaround, disabling the upload functionality in this endpoint may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.