An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
{
"nvd_published_at": "2025-04-21T15:15:59Z",
"severity": "CRITICAL",
"cwe_ids": [
"CWE-434"
],
"github_reviewed_at": "2025-04-21T16:19:45Z",
"github_reviewed": true
}