Vulnerabilities

CVE-2025-10353

by Fred · 08/10/2025

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology’s Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to ‘/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm’ using the ‘mcsdetail_img’ parameter.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-melis-platform

Similar

Tags: Cybersecurity Alert