What the vulnerability does
01 Description
An Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings (advanced-settings) allows uploading a web shell to a web server. This issue affects Advanced Settings: from n/a through <= 3.1.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Advanced Settings versions 3.1.1 and earlier allow authenticated administrators to upload files without proper validation. An attacker with admin privileges can upload malicious files that affect the confidentiality, integrity, and availability of the site and potentially other systems. The vulnerability requires high-level access but has broad impact due to changed scope.
What an attacker can do
03 Attacker Capabilities
Upload malicious files to compromise site data, modify content, or disrupt service.
Potential impact on your site
04 Site Impact
A compromised admin account can upload files to damage your site's integrity, steal data, or take the site offline.
Conditions required to exploit
05 Prerequisites
Attacker must have administrator-level access to the site.
Key dates
06 Disclosure timeline
November 6, 2025: CVE published
April 28, 2026: Record updated