CVE-2018-17139

2018-09-17T06:29:00
ID CVE-2018-17139
Type cve
Reporter cve@mitre.org
Modified 2018-11-29T14:01:00

Description

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.