CVE-2026-46400

EPSS 0.39%
Veröffentlicht 05.06.2026 19:15:29
Zuletzt bearbeitet 08.06.2026 17:16:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

HAXCMS PHP has a File Upload Validation Bypass

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attackers to upload malicious files (e.g., PHP webshells) disguised as legitimate image files, potentially leading to remote code execution. Version 25.0.0 contains a fix for the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerhaxtheweb

≫

Produkt haxcms-php

Version >= 11.0.6, < 25.0.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.303

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/haxtheweb/issues/security/advisories/GHSA-ffxv-9qv2-v2v8

https://nvd.nist.gov/vuln/detail/CVE-2026-46400

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-46400

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-46400

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-46400