CVE Vulnerabilities

CVE-2015-7904

Published: Oct 28, 2015 | Modified: Oct 28, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

Affected Software

Name Vendor Start Version End Version
Mango_automation Infinite_automation_systems 2.5.0 (including) 2.5.0 (including)
Mango_automation Infinite_automation_systems 2.5.5 (including) 2.5.5 (including)
Mango_automation Infinite_automation_systems 2.6.0 (including) 2.6.0 (including)

References