CVE-2015-7904

2015-10-28T10:59:00
ID CVE-2015-7904
Type cve
Reporter cve@mitre.org
Modified 2015-10-28T21:05:00

Description

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>