CVE-2022-22929: Unrestricted Upload of File with Dangerous Type

January 22, 2022 (updated July 8, 2023)

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

References

github.com/advisories/GHSA-77hh-p7r6-66pv
nvd.nist.gov/vuln/detail/CVE-2022-22929
web.archive.org/web/20230521040336/https://gitee.com/mingSoft/MCMS/issues/I4Q4NV

Detect and mitigate CVE-2022-22929 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →