From this webpage screenshot, the following key information about the vulnerability can be extracted: Vulnerability Overview Title: Instant Developer Arbitrary File Upload Vulnerability Vulnerability Type: Arbitrary File Upload Product Vendor: Pro Gamma Affected Product: Instant Developer RD3 Framework Affected Version: RD3 22.5 r30 Attack Vector: Network Impact: Potential Unauthorized Remote Code Execution (RCE) OWASP Top Ten Category: A04:2021 - Insecure Design Severity: Critical CVSSv3 Score: 9.8 CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPE: cpe:2.3:a:instantdeveloper:rd3:22.5:r30:::: Description Instant Developer is a high-productivity platform family for developing multi-channel and cross-platform applications. It includes all tools necessary to develop, deploy, and manage these systems in an integrated and optimized manner. Differences from Original CVE-2022-39983 The vulnerability can also be exploited on web applications with a Java backend and malicious JavaScript Pages (JSP) payloads. In this case, the vulnerability can be exploited without authentication to the web application, and without requiring an authenticated “SessionID”. This CVE variant also affects versions above 22.5 r23, with the flaw discovered in version 22.5 r30. Mitigation Recompile applications using the latest version of the RD3 framework. In cases of product customization, contact the vendor. Acknowledgments Discoverer: Swascan (Tinexta Cyber) Updater and Variant Discoverer: Emanuele Di Marco @ Alten Italy Status Reported to vendor in February 2025: - The original vulnerability was fixed in framework versions covering ASP.NET, but it was confirmed that the vulnerability may also exist in subsequent versions using different server-side frameworks (such as Java and JavaScript Pages (JSP)), with no response or fix received until July 16, 2025.