Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade ci4-cms-erp/ci4ms to version 0.28.5.0 or higher.
ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms
Affected versions of this package are vulnerable to Arbitrary File Upload via the createFile and save endpoints. An attacker can execute arbitrary code on the server by creating a file with a dangerous extension and injecting malicious content, which is then accessible and executable through a web request.
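The file-name check that a file-creation endpoint of this kind needs before writing, as an added example that is not taken from the advisory or from the ci4ms code base. The function name `resolveEditablePath`, the allowed extensions and the directory layout are assumptions, and the code requires PHP 8.

```php
<?php
declare(strict_types=1);

// Assumed allow-list for an admin file editor; not the project's own list.
const ALLOWED_EXTENSIONS = ['css', 'js', 'json', 'txt'];

/**
 * Map a user-supplied relative name to a path inside $baseDir,
 * or return null when the name must be rejected. Requires PHP 8.
 */
function resolveEditablePath(string $baseDir, string $name): ?string
{
    foreach (explode('/', $name) as $segment) {
        // Rejects empty segments (absolute paths, "//"), ".", "..", dotfiles
        // such as .htaccess, trailing dots, and any byte outside a plain set
        // (NUL, backslash, spaces, control characters).
        if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $segment)
            || str_ends_with($segment, '.')) {
            return null;
        }
    }
    // Require exactly "name.ext" with an allow-listed extension, compared
    // case-insensitively. "a.php.txt" fails, and so does "jquery.min.js".
    $parts = explode('.', basename($name));
    if (count($parts) !== 2
        || !in_array(strtolower($parts[1]), ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Resolve symlinks and confirm the parent directory is still under the base.
    $base   = realpath($baseDir);
    $parent = realpath($baseDir . '/' . dirname($name));
    if ($base === false || $parent === false
        || !str_starts_with($parent . '/', $base . '/')) {
        return null;
    }
    return $parent . '/' . basename($name);
}

// Constructed sample input, run against a throwaway directory.
$base = sys_get_temp_dir() . '/editor-demo-' . bin2hex(random_bytes(4));
mkdir($base . '/css', 0700, true);
$names = ['css/site.css', 'notes.txt', 'shell.php', 'shell.PHP', 'a.php.txt',
          '.htaccess', '../outside.txt', '/etc/x.txt', "evil.txt\0.php", 'css/x.phtml'];
foreach ($names as $n) {
    $result = resolveEditablePath($base, $n);
    printf("%-18s %s\n", addcslashes($n, "\0"), $result === null ? 'rejected' : 'allowed');
}
rmdir($base . '/css');
rmdir($base);
```

Name validation is only half of the control: the directory the editor writes to should also be configured in the web server so that script handlers never run there.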