CVE-2020-22755: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

May 8, 2023 (updated May 11, 2023)

File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.

References

github.com/advisories/GHSA-293v-5329-36wp
github.com/ming-soft/MCMS/issues/42
nvd.nist.gov/vuln/detail/CVE-2020-22755

Detect and mitigate CVE-2020-22755 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →