2025-10-08 10:47:55
INCIBE
PUBLISHED
File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technologys Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm using the mcsdetail_img parameter.