CVE-2015-1604

2015-02-19T10:59:18
ID CVE-2015-1604
Type cve
Reporter NVD
Modified 2015-02-20T20:40:33

Description

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.