VYPR
Critical severity · GHSA Advisory · Published Oct 8, 2025 · Updated Apr 15, 2026

CVE-2025-10353

Description

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: melisplatform/melis-cms-slider (Packagist)
Affected versions: < 5.3.1
Patched versions: 5.3.1


Patches


Added extension validator on slider image upload

4 files changed · +21 −1
  • config/app.forms.php  +13 −0  modified
    @@ -216,6 +216,19 @@
                                 'name'     => 'mcsdetail_img',
                                 'required' => false,
                                 'validators' => [
    +                                [
    +                                    'name'    => 'FileExtension',
    +                                    'break_chain_on_failure' => true,
    +                                    'options' => [
    +                                        'case' => true,
    +                                        'extension' => [
    +                                            'jpg','jpeg','gif','png','webp'
    +                                        ],
    +                                        'messages' => [
    +                                            \Laminas\Validator\File\Extension::FALSE_EXTENSION => 'tr_MelisCmsSliderDetails_wrong_extension',
    +                                        ]
    +                                    ]
    +                                ],
                                 ],
                                 'filters'  => [
                                     ['name' => 'StripTags'],
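Review bot: `'case' => true` in the new FileExtension options makes the match case-sensitive, so an upload named `photo.JPG` or `banner.PNG` is rejected while `photo.jpg` passes; if uppercase extensions from cameras and phones should be accepted, use `'case' => false` (the validator's default) or document the restriction. Note also that this validator only inspects the client-supplied filename extension and never looks at the file contents, so a content-based check (for example the Laminas `IsImage` or `MimeType` file validator) alongside it would make the image check meaningfully stronger than a name check alone.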
    
  • language/en_EN.interface.php  +2 −0  modified
    @@ -93,5 +93,7 @@
             'tr_MelisCmsSliderShowSliderPlugin_slider_id_invalid' => 'Invalid slider selected',
             'tr_MelisCmsSliderShowSliderPlugin_slider_id_empty'   => 'Please select a slide',
     
    +        'tr_MelisCmsSliderDetails_wrong_extension'   => 'File extension allowed: jpg,jpeg,gif,png,webp',
    +
     	);
     ?>
    \ No newline at end of file
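Review bot: the English message hard-codes the allowed list `jpg,jpeg,gif,png,webp`, duplicating the `extension` array in `config/app.forms.php`; if the list is changed later the two will drift apart, so consider generating the message from the configured list or adding a comment in both places pointing at the other.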
    
  • language/fr_FR.interface.php  +2 −0  modified
    @@ -92,6 +92,8 @@
     	    'tr_MelisCmsSliderShowSliderPlugin_Description' => 'Le plugin slider affiche un slider spécifique basé sur l\'outil slider',
             'tr_MelisCmsSliderShowSliderPlugin_slider_id_invalid' => 'Invalid slider selected',
             'tr_MelisCmsSliderShowSliderPlugin_slider_id_empty'   => 'Please select a slide',
    +
    +        'tr_MelisCmsSliderDetails_wrong_extension  => Extensions de fichiers autorisées: jpg,jpeg,gif,png,webp',
     	    
     	);
     ?>
    \ No newline at end of file
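Review bot: the French entry is mis-quoted: `'tr_MelisCmsSliderDetails_wrong_extension  => Extensions de fichiers autorisées: jpg,jpeg,gif,png,webp',` is a single string literal (the closing quote after the key and the opening quote before the value are missing), so PHP adds it as a numerically indexed array element and the `tr_MelisCmsSliderDetails_wrong_extension` key is never defined for fr_FR. It should read `'tr_MelisCmsSliderDetails_wrong_extension' => 'Extensions de fichiers autorisées: jpg,jpeg,gif,png,webp',`, matching the en_EN line.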
    
  • src/Controller/MelisCmsSliderDetailsController.php  +4 −1  modified
    @@ -9,6 +9,7 @@
     
     namespace MelisCmsSlider\Controller;
     
    +use Laminas\Validator\File\Extension;
     use MelisCore\Controller\MelisAbstractActionController;
     use MelisCore\Service\MelisCoreToolService;
     use Laminas\File\Transfer\Adapter\Http;
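Review bot: the added `use Laminas\Validator\File\Extension;` is not referenced in any of the controller hunks in this commit, and the form config refers to the class by its fully qualified name (`\Laminas\Validator\File\Extension::FALSE_EXTENSION`); if no other code in this file uses `Extension`, drop the import to avoid an unused-import warning.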
    @@ -431,6 +432,7 @@ public function saveDetailsFormAction()
                 $confSlidersPath = $confSlidersUpload['imagesPath'];
     
                 $uploadedFile = $this->getRequest()->getFiles()->toArray()['mcsdetail_img'];
    +            $postValues = array_merge($postValues, $this->getRequest()->getFiles()->toArray());
     
                 if (empty($uploadedFile['name'])) {
                     $form->setData($postValues);
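Review bot: the `array_merge` pushes the whole files array into `$postValues` before the `empty($uploadedFile['name'])` branch, so on the no-file path `$form->setData($postValues)` now also receives an `mcsdetail_img` entry with an empty name; please confirm that the new FileExtension validator does not fail on that empty entry (the element is `required => false`, but the validator chain runs on whatever data is set). Merging only `['mcsdetail_img' => $uploadedFile]` rather than every uploaded field would also keep unexpected file inputs out of the form data.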
    @@ -537,7 +539,8 @@ public function saveDetailsFormAction()
                     } else {
                         $errors = $form->getMessages();
                         foreach ($errors as $keyError => $valueError) {
    -                        foreach ($appConfigForm as $keyForm => $valueForm) {
    +                        foreach ($appConfigForm['elements'] as $keyForm => $valueForm)
    +                        {
                                 if ($valueForm['spec']['name'] == $keyError &&
                                     !empty($valueForm['spec']['options']['label']))
                                     $errors[$keyError]['label'] = $valueForm['spec']['options']['label'];
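Review bot: iterating `$appConfigForm['elements']` instead of `$appConfigForm` is the right level for the `spec` lookup, but the opening brace of the `foreach` is now on its own line while the rest of this method (see `} else {` in the same hunk) uses same-line braces, and the three-line `if` body still has no braces; keep `{` on the `foreach` line and wrap the `if` body in braces for consistency.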
    
