A new Remote Code Execution (RCE) bypass for Cloudflare WAF has been discovered. The bypass payload %3Csvg+onload%3Dalert(1)%3E can execute arbitrary code on the server. This vulnerability allows attackers to take control of the server and perform malicious activities. More details on the blogpost soon.
For more details, check out the original tweet here: https://twitter.com/hiepNT1331/status/1816046021300109460