Fixing remote code execution vulnerabilities in MediaCMS

November 08, 2024

MediaCMS has been affected by vulnerabilities that, in certain cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade. The vulnerabilities are related to insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content.

These findings have been reported by Vladimir Razov of Positive Technologies. Positive Technologies contacted us about these findings and have been assisting us throughout the process of remediation and releasing a patch. We would like to thank the Positive Technologies team for the responsible way of handling this incident, and express our admiration for the high level of professionalism of the reporter.

All MediaCMS users, please upgrade to the latest version, following the instructions you will find in the project documentation. For more information, check the security advisory on the GitHub project: https://github.com/mediacms-io/mediacms/security/advisories