Description
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
Recommendation
Update the payload package to the latest compatible version. Followings are version details:
- Affected version(s): <= 0.15.0
- Patched version(s): 0.15.1
References
Related Issues
- Unrestricted Upload of File with Dangerous Type in ButterCMS - CVE-2022-27260
- Unrestricted Upload of File with Dangerous Type in blueimp-file-upload - CVE-2018-9206
- FUXA contains an Unrestricted File Upload vulnerability - CVE-2025-69981
- Invalid file request can crash server - CVE-2022-31089
- Tags:
- npm
- payload
Anything's wrong? Let us know Last updated on January 27, 2023