CVE-2015-1604
19.02.2015, 15:59
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.Enginsight
Vendor | Product | Version |
---|---|---|
adminsystems_cms_project | adminsystems_cms | 𝑥 ≤ 4.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References