CVE-2026-11621 | Dcat-Admin up to 2.2.3-beta User Setting Page upload editorMDUpload editormd-image-file unrestricted upload

Inserito da Angelo Barbosa | Giu 8, 2026 | CVE

A vulnerability identified as critical has been detected in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload.

This vulnerability is handled as CVE-2026-11621. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-11621 | Dcat-Admin up to 2.2.3-beta User Setting Page upload editorMDUpload editormd-image-file unrestricted upload

Post correlati

CVE-2024-25852 | Linksys RE7000 2.0.9/2.0.11/2.0.15 AccessControlList access control

CVE-2026-4533 | code-projects Simple Food Ordering System 1.0 all-tickets.php Status sql injection

CVE-2024-36844 | libmodbus 3.1.6 Message use after free

CVE-2024-3911 | Welotec SMART EMS/VPN Security Suite up to 3.1.3 ui layer (VDE-2024-023)