Описание
SiteServer CMS RCE via unsafe file upload
A issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.
Пакеты
Наименование
sscms
nuget
Затронутые версииВерсия исправления
< 6.12
6.12
Связанные уязвимости
CVSS3: 7.2
nvd
почти 7 лет назад
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.