CVE-2026-15518 in Twill CMSinfo

Prediction

by VulDB Data Team • 07/12/2026

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

VulDB

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

low

Sources

Want to know what is going to be exploited?

We predict KEV entries!