Unrestricted Upload of File with Dangerous Type in ButterCMS

Description

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.2.8

References

• GHSA-3v5x-qjrp-q2hq
• www.youtube.com
• CVE-2022-27260
• CWE-434
• CAPEC-310
• OWASP 2021-A4
• OWASP 2021-A6

Related Issues

• Unrestricted Upload of File with Dangerous Type in Payload - CVE-2022-27952
• Unrestricted Upload of File with Dangerous Type in blueimp-file-upload - CVE-2018-9206
• Parse Server: File upload Content-Type override via extension mismatch - CVE-2026-35200
• FUXA contains an Unrestricted File Upload vulnerability - CVE-2025-69981

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

buttercms