exploitDog

CVE-2015-7904

Опубликовано: 28 окт. 2015

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

Комментарий

CWE-434: Unrestricted Upload of File with Dangerous Type

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04883

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r5vj-6v5w-753q

github

больше 3 лет назад

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

EPSS

Процентиль: 89%

0.04883

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other