CVE-2023-27397 Information

Description

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product’s file upload function and server save option are enabled a remote attacker may save an arbitrary file on the server and execute it.

Reference

https://microengine.jp/information/security_2023_05.html https://jvn.jp/en/jp/JVN31701509/