[payload] Unrestricted Upload of File with Dangerous Type in Payload

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-27952
• https://github.com/payloadcms/payload
• https://www.youtube.com/watch?v=6CfhAxA3xdQ
• https://github.com/advisories/GHSA-w8xh-93qh-35vw