CVE-2023-27507 Information

Description

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product’s file upload function and server save option are enabled a remote attacker may save an arbitrary file on the server and execute it.

Reference

https://microengine.jp/information/security_2023_05.html https://jvn.jp/en/jp/JVN31701509/