Tag
#file-upload
4 posts tagged #file-upload.
-
Analysis · Jun 18, 2026 · Colten Anderson
Two Struts CVEs, one incomplete fix, and the enterprise Java visibility problem
CVE-2023-50164 and CVE-2024-53677 hit the same file upload component in Apache Struts, a year apart. The second arrived because the fix for the first didn't go far enough. The real exposure is organizations that don't know where Struts lives in their stack.
-
Analysis · May 20, 2026 · Colten Anderson
An uploaded filename is attacker input. dotCMS forgot, and got a webshell.
CVE-2022-26352 is a directory traversal in dotCMS's upload API: the filename in a multipart request wasn't sanitized, so '../' sequences let an attacker write a JSP webshell to a web-reachable directory. With anonymous content creation on, that's unauthenticated RCE.
-
Analysis · May 20, 2026 · Colten Anderson
WSO2 CVE-2022-29464: an upload bug on the box that brokers your APIs and logins
CVE-2022-29464 is an unauthenticated file-upload-to-RCE in WSO2 products. The bug is a familiar one. What makes it serious is where it lives: API management and identity middleware that sits in front of your services and authenticates your users.
-
Analysis · May 5, 2026 · Colten Anderson
SmarterMail fixed a CVSS 10 and told no one for two months
CVE-2025-52691 is a pre-auth RCE in SmarterMail's file upload API. SmarterTools patched it silently in October 2025 with no CVE, no advisory, and release notes that said 'critical security fixes.' watchTowr found the silent fix two months later. Here's why that matters.