CVE-2024-22567

Name of the Vulnerable Software and Affected Versions: MCMS version 5.3.5

Description: The issue is related to an unlimited file upload vulnerability in the /ms/file/upload.do file of the MCMS content management system. This vulnerability can be exploited by a remote attacker to upload arbitrary files by sending a specially crafted POST request. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: For MCMS version 5.3.5, as a temporary workaround, consider restricting access to the /ms/file/upload.do API endpoint until a patch is available. Avoid using this endpoint to upload files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.