CVE-2023-37602

Name of the Vulnerable Software and Affected Versions Alkacon OpenCMS version 15.0

Description The issue allows attackers to execute arbitrary code via uploading a crafted PNG file, specifically exploiting an arbitrary file upload vulnerability in the component /workplace#!explorer.

Recommendations For Alkacon OpenCMS version 15.0, consider restricting access to the /workplace#!explorer component until a fix is available, and avoid uploading unverified files to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.