PT-2026-39511 · Opencats · Opencats

Published 2026-05-10 · Updated 2026-05-10 · CVE-2021-47936

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenCATS version 0.9.4

Description

Unauthenticated attackers can execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. This is achieved by uploading PHP payloads through the 'careers job application' endpoint and executing system commands via POST requests to the uploaded file within the upload directory.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
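
With no fixed version listed, one way to look for the behaviour in the description is to flag web-server requests that target script-like file names inside the attachment upload directory. The following is an added example, not code from this advisory or from OpenCATS; the upload URL prefix is a placeholder assumption, and the function name and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: URL prefix under which uploaded attachments are served.
# Placeholder only; set it to the upload directory of your deployment.
UPLOAD_PREFIX = "/upload-dir-placeholder/"

# File names the web server may hand to the PHP interpreter, including
# double extensions (cv.php.pdf) and path-info forms (cv.php/x).
SCRIPT_NAME = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|/|$)", re.IGNORECASE)

# Apache/nginx combined log format: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_script_requests(lines, upload_prefix=UPLOAD_PREFIX):
    """Return (ip, method, path, status) for every request that targets a
    script-like file name below the upload prefix."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not a request line in the expected format
        # Drop the query string and decode %XX so cv%2Ephp is seen as cv.php.
        path = unquote(urlsplit(m.group("target")).path)
        if not path.startswith(upload_prefix):
            continue
        if SCRIPT_NAME.search(path[len(upload_prefix):]):
            hits.append((m.group("ip"), m.group("method"), path,
                         int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/May/2026:10:00:01 +0000] "GET /upload-dir-placeholder/a1/resume.pdf HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.7 - - [10/May/2026:10:00:02 +0000] "POST /upload-dir-placeholder/b2/resume.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [10/May/2026:10:00:03 +0000] "GET /upload-dir-placeholder/c3/cv.PhTml HTTP/1.1" 404 196 "-" "-"',
    '198.51.100.4 - - [10/May/2026:10:00:04 +0000] "POST /index.php HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.7 - - [10/May/2026:10:00:05 +0000] "GET /upload-dir-placeholder/d4/cv%2Ephp?x=1 HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_script_requests(SAMPLE_LOG):
        print(hit)
```

Any hit is worth reviewing, since resume attachments should never carry a script extension; a POST answered with status 200 deserves the highest priority.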

Exploit

RCE

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-47936

Affected Products

Opencats