CVE-2025-10353

Description

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technologys Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm using the mcsdetail_img parameter.