CVE-2023-30090

Name of the Vulnerable Software and Affected Versions Semcms Shop version 4.2

Description The issue is related to an arbitrary file upload vulnerability via the SEMCMS Upfile.php component. This allows attackers to execute arbitrary code by uploading a crafted PHP file. The vulnerability can be exploited remotely.

Recommendations For Semcms Shop version 4.2, consider disabling the SEMCMS Upfile.php component until a patch is available to prevent arbitrary file uploads and mitigate the risk of code execution. Restrict access to the file upload functionality to minimize the risk of exploitation.