PT-2026-26973 · Sscms · Sscms
Saul1213 · Published 2026-03-22 · Updated 2026-03-23 · CVE-2026-4542
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SSCMS version 4.7.0
Description
A path traversal issue exists in SSCMS. The issue is located in an unknown function within the LayerImageController.Submit.cs file of the layerImage component. Manipulation of the filePaths argument in the layerImage endpoint can lead to path traversal. The exploit has been publicly disclosed.
API Endpoints
/layerImage
Vulnerable Parameters or Variables
filePaths
Recommendations
Update to a newer version of SSCMS that addresses this vulnerability. As a temporary workaround, restrict access to the LayerImageController.Submit.cs file or the layerImage endpoint until a patch is available.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Sscms