9.7 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.8%
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
github.com/kbgsft/vuln-dext5upload/wiki/File-Upload-to-RCE-in-DEXT5Upload-2.7.1402870-by-xcuter