InnovaStudio WYSIWYG Editor Unrestricted File Upload Vulnerability
Vulnerability
A vulnerability allowing unrestricted file upload has been identified in InnovaStudio WYSIWYG Editor version 5.4. This issue arises from the asset manager's failure to properly enforce file extension restrictions, allowing attackers to manipulate filenames and exploit null byte techniques to upload malicious ASP shell files. The vulnerability is present on Windows 10 and Windows Server 2019.
Impact
Exploitation of this vulnerability allows for unrestricted file upload, which can lead to the execution of malicious ASP shell files on the server.
Reproduction
The vulnerability can be reproduced by uploading a file through the asset manager while manipulating the filename to include a null byte and an alternate file extension. This bypasses the application's file type restrictions and allows the upload of malicious ASP shell files.
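The extension check that fails in this scenario, next to a stricter one, as an added example written from the defender's side. It is not InnovaStudio's code: Python stands in for the ASP asset manager, and the allowlist, function names and sample filename are constructed assumptions.

```python
import os
import re
import uuid

# Assumed allowlist for an asset manager; adjust to the deployment.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def weak_check(filename: str) -> bool:
    """Flawed pattern: trusts whatever follows the last dot."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def name_seen_by_filesystem(filename: str) -> str:
    """Models a lower layer that treats a null byte as end-of-string."""
    return filename.split("\x00", 1)[0]


def validate_upload_name(filename: str) -> str:
    """Return a server-generated storage name, or raise ValueError."""
    # Reject control characters (null byte included) instead of stripping them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in filename):
        raise ValueError("control character in filename")
    # Discard any client-supplied path, whichever separator was used.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so the stored name would differ.
    if base != base.rstrip(". "):
        raise ValueError("trailing dot or space in filename")
    if not SAFE_NAME.match(base):
        raise ValueError("unexpected characters in filename")
    # Require a single extension, and require it to be on the allowlist.
    stem, ext = os.path.splitext(base)
    if "." in stem or ext.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    # Store under a generated name so the client never chooses the path.
    return uuid.uuid4().hex + ext.lower()


# Constructed sample: an ASP name, a null byte, then an allowed extension.
SAMPLE = "upload.asp\x00.jpg"

if __name__ == "__main__":
    print("weak check accepts:", weak_check(SAMPLE))
    print("name after truncation:", name_seen_by_filesystem(SAMPLE))
    try:
        validate_upload_name(SAMPLE)
    except ValueError as exc:
        print("strict check rejects:", exc)
```

Name validation is one layer; serving the upload directory with script execution disabled keeps a file that slips through from running as ASP.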
