Tag

Ckeditor

1 brief RSS

Brave CMS Unrestricted File Upload Leads to Remote Code Execution

Brave CMS versions prior to 2.0.6 contain an unrestricted file upload vulnerability within the CKEditor upload functionality in the ckupload method, allowing authenticated users to upload executable PHP scripts and achieve Remote Code Execution.

cve-2026-35164 rce file-upload brave-cms ckeditor php webserver

2r 3t 1c 4w ago