CVE-2015-2994

2015-06-08T14:59:00
ID CVE-2015-2994
Type cve
Reporter cve@mitre.org
Modified 2018-10-09T19:56:00

Description

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>