PowerCMS Unrestricted File Upload Vulnerability Allowing Arbitrary Script Execution

Vulnerability

A vulnerability exists in PowerCMS versions through 6.7, 5.3, and 4.6, allowing users to upload files of dangerous types without restriction. If an administrator accesses a malicious file uploaded by a user, it could lead to the execution of arbitrary scripts in the administrator's browser.

Impact

Exploitation of this vulnerability could result in the execution of arbitrary scripts in the browser of an administrator who accesses the uploaded malicious file.

Remediation

Users are advised to update PowerCMS to the latest version. Instructions for updating can be found on the PowerCMS website.

Added: Jul 31, 2025, 8:23 AM
Updated: Jul 31, 2025, 8:23 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.7
exploitability: 6.5
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.